Vulnerability Note VU#169841

dvips uses system() function insecurely thereby allowing arbitrary command execution

Original Release date: 16 Oct 2002 | Last revised: 12 Dec 2002


Overview

A vulnerability in the dvips utility can allow a remote attacker who can submit a crafted DVI file to a print queue that filters DVI input through dvips to execute arbitrary commands on the vulnerable system.


Description

The dvips utility, part of the teTeX distribution, converts DVI files (the output of TeX) to PostScript. Typically the output is sent to a printer, and on Red Hat Linux the printing system installs dvips as the print filter for DVI jobs, so any user who can submit a print job can cause dvips to process a DVI file of their choosing.

RHSA-2002:194-18 states the vulnerability occurs because dvips "uses the system() function insecurely when managing fonts." When a font required by the DVI file is not available, dvips runs an external font-generation command through system(); the font name, which is taken from the untrusted DVI file, is interpolated into that shell command string without sanitization, so shell metacharacters in the name are interpreted by the shell.
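The following is an added example, not dvips source code, showing the class of defect described above beside a hardened replacement. The vulnerable function pastes an untrusted font name into a command string for system(); the hardened version checks the name against an allowlist, builds an argv vector, and runs it with fork()/execvp() so that no shell ever parses the name. The "mktexpk --dpi N name" command shape and the function names are assumptions for illustration and do not reproduce dvips's actual makefont code.

```c
/* Added example (not dvips source): system()-with-untrusted-font-name
 * pattern behind VU#169841, beside a hardened replacement that passes the
 * font name as a separate argv element and never invokes a shell.
 * The "mktexpk --dpi N name" command shape is assumed for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE pattern: the font name read from the DVI file is pasted into a
 * shell command. A name such as "cmr10;id>/tmp/pwned" makes system() run
 * "id" after mktexpk. Returns 0 on success, -1 if the buffer is too small. */
int build_makefont_command(char *out, size_t outlen, const char *font, int dpi)
{
    int n = snprintf(out, outlen, "mktexpk --dpi %d %s", dpi, font);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allowlist check: accept only letters, digits, '.', '_' and '-'. Reject
 * empty or overlong names and names starting with '-' (would parse as an
 * option to the font generator). Returns 1 if safe, 0 otherwise. */
int font_name_is_safe(const char *font)
{
    size_t i, len = strlen(font);
    if (len == 0 || len > 255 || font[0] == '-')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)font[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* HARDENED: build an argv vector instead of a command string. Returns argc
 * (4) on success or -1 if the font name fails the allowlist or argv is too
 * small. dpibuf holds the formatted dpi and must outlive argv. */
int build_makefont_argv(const char *font, int dpi, char *dpibuf, size_t dpibuflen,
                        const char *argv[], size_t argvlen)
{
    if (!font_name_is_safe(font) || argvlen < 5)
        return -1;
    snprintf(dpibuf, dpibuflen, "%d", dpi);
    argv[0] = "mktexpk";
    argv[1] = "--dpi";
    argv[2] = dpibuf;
    argv[3] = font;
    argv[4] = NULL;
    return 4;
}

/* Run argv directly with fork()/execvp(): no shell parses the arguments, so
 * metacharacters in the font name are inert. Returns the child's exit
 * status, or -1 on fork/wait failure or abnormal termination. */
int run_argv(const char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);            /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[256];
    const char *hostile = "cmr10;id>/tmp/pwned";   /* constructed hostile font name */
    const char *argv[5];
    char dpibuf[16];

    build_makefont_command(cmd, sizeof cmd, hostile, 600);
    printf("unsafe command string: %s\n", cmd);   /* system() would run "id" */

    printf("allowlist rejects hostile name: %s\n",
           build_makefont_argv(hostile, 600, dpibuf, sizeof dpibuf, argv, 5) == -1
               ? "yes" : "no");
    printf("argv for cmr10 has %d elements\n",
           build_makefont_argv("cmr10", 600, dpibuf, sizeof dpibuf, argv, 5));
    /* run_argv(argv) would now execute mktexpk without a shell. */
    return 0;
}
```

The allowlist matters even with execvp(): without it, a name beginning with "-" could still be parsed by the font generator as an option, and an absolute or relative path could point it at an unexpected file.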


Impact

A remote attacker who can submit a crafted DVI file to an affected print queue can execute arbitrary commands with the privileges of the user the print filter runs as (the lp user on Red Hat Linux).


Solution

Apply a patch or upgrade to a fixed package from your vendor (see Systems Affected below).


The following workaround is taken from RHSA-2002:194-18:

A work around for this vulnerability is to remove the print filter for DVI files.  The following commands, run as root, will accomplish this:

rm -f /usr/share/printconf/mf_rules/mf40-tetex_filters
rm -f /usr/lib/rhs/rhs-printfilters/dvi-to-ps.fpi

However, to fix the problem in the dvips utility as well as removing the print filter we recommend that all users upgrade these errata packages which contain a patch for this issue.

Systems Affected

Vendor          Status     Date Notified   Date Updated
Debian          Affected   -               12 Dec 2002
Red Hat Inc.    Affected   -               16 Oct 2002

CVSS Metrics

Group          Score   Vector
Base           N/A     N/A
Temporal       N/A     N/A
Environmental  N/A     N/A



Credit

This vulnerability was discovered by Olaf Kirch of SuSE.

This document was written by Ian A. Finlay and is based on information provided by Red Hat Inc.

Other Information

  • CVE IDs: CAN-2002-0836
  • Date Public: 15 Oct 2002
  • Date First Published: 16 Oct 2002
  • Date Last Updated: 12 Dec 2002
  • Severity Metric: 24.84
  • Document Revision: 14

