CVE-2003-0204

KDE 2 and <= 3.1.1 - Remote Code Execution via Ghostscript Viewer Missing -dPARANOIDSAFER and -dSAFER Arguments

Title source: manual
STIX 2.1

Description

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

References (14)

Core 14
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105017403010459&w=2
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-296
Various Sources x_refsource_confirm
http://bugs.kde.org/show_bug.cgi?id=53343
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105034222521369&w=2
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Patch, Vendor Advisory x_refsource_confirm
http://www.kde.org/info/security/advisory-20030409-1.txt
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-002.html
Various Sources x_refsource_confirm
http://bugs.kde.org/show_bug.cgi?id=56808
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105001557020141&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-284
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-293
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105012994719099&w=2

Scores

EPSS 0.0150
EPSS Percentile 81.4%

Details

Status published
Products (18)
kde/kde 2.0
kde/kde 2.0.1
kde/kde 2.1
kde/kde 2.1.1
kde/kde 2.1.2
kde/kde 2.2
kde/kde 2.2.1
kde/kde 2.2.2
kde/kde 3.0
kde/kde 3.0.1
... and 8 more
Published May 05, 2003
Tracked Since Feb 18, 2026