CVE-2005-2471
netpbm-free - insecure program execution
EPSS 2.1%
Description
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
How to fix CVE-2005-2471
To remediate CVE-2005-2471, upgrade the affected package to one of the fixed versions listed below.
- Debian/netpbm-free—upgrade to 2:10.0-9 or later
- Debian/netpbm-free—upgrade to 2:9.20-8.6 or later
Is CVE-2005-2471 being exploited?
Low. The EPSS score is 2.1%, a low estimated likelihood of exploitation; exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/netpbm-free: from 0, < 2:10.0-9
- Debian/netpbm-free: from 0, < 2:9.20-8.6