What is CVE-2014-0466?

CVE-2014-0466 is a vulnerability in Gnu A2ps. Published 2014-04-03.

Is CVE-2014-0466 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gnu A2ps

CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.

EPSS: 0.023 (81.3th percentile) — read the EPSS interpretation.

Affected products

Gnu A2ps — versions 4.14
N/a — versions n/a

Public proof-of-concept exploits

andir/nixos-issue-db-example

References

security@debian.org (x_refsource_CONFIRM)
security@debian.org (vdb-entry, x_refsource_BID)
security@debian.org (vendor-advisory, x_refsource_GENTOO)
security@debian.org (vendor-advisory, x_refsource_SUSE)
security@debian.org (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2014-0466?: CVE-2014-0466 is a vulnerability in Gnu A2ps. Published 2014-04-03.
Is CVE-2014-0466 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.