pstopnm in netpbm does not properly use the -dSAFER option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Netpbm | Netpbm | 2.10.0.8 (including) | 2.10.0.8 (including) |