FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

a2ps -- format string vulnerability

Affected packages
a2ps < 4.13b_8

Details

VuXML ID e359051d-90bd-11e5-bd18-002590263bf5
Discovery 2015-11-16
Entry 2015-11-22

Jong-Gwon Kim reports:

When user runs a2ps with malicious crafted pro(a2ps prologue) file, an attacker can execute arbitrary code.

References

CVE Name CVE-2015-8107
URL http://www.openwall.com/lists/oss-security/2015/11/16/4