Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 May 2010 12:04:31 +0200
From: Ludwig Nussel <>
Cc: "Steven M. Christey" <>
Subject: CVE request: ghostscript and gv


ghostscript executes initialization files relative to the current
directory. Unfortunately the -dSAFER option has no effect on those
files. So when viewing a file e.g. in /tmp a local attacker could
have the victim execute arbitrary postscript programs.
Upstream suggested to use -P- in addition to -dSAFER. That however
would mean every program using gs to render postscript has to be
checked. So fixing ghostscripts default behavior might be easier for

In the Debian bug report Paul also mentiones that gv creates a
temporary file in an insecure way:


 (o_   Ludwig Nussel
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.