Gnu A2Ps vulnerabilities

CVE-2015-8107 [HIGH] CWE-134 CVE-2015-8107: Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

CVE-2001-1593 [LOW] CWE-59 CVE-2001-1593: The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user fun The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.

CVE-2014-0466 [MEDIUM] CVE-2014-0466: The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows contex The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

CVE-2004-1170 [CRITICAL] CVE-2004-1170: a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the file a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

CVE-2004-1377 [LOW] CVE-2004-1377: The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow lo The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.