Re: Why does PDFPIC require unsafe mode -U, but PSPIC doesn't?
From: Deri
Subject: Re: Why does PDFPIC require unsafe mode -U, but PSPIC doesn't?
Date: Sun, 30 Jul 2023 18:56:18 +0100

On Sunday, 30 July 2023 16:43:28 BST Michał Kruszewski wrote:
> I do not have much knowledge in this area.
> I just came across this interesting blog
> https://cromwell-intl.com/open-source/pdf-not-authorized.html that also has
> some nice references.
>
> However, right now I wonder when I should be extra careful when using groff.
> -Tpdf is my default choice, and most of my papers include images, so I use
> -U almost all the time.
>
> Best regards,
> Michał Kruszewski
>
> Sent with Proton Mail secure email.
Hi Michał,

You are safe. -Tpdf does not use Ghostscript at all. Also, the PDFs it produces
contain no raw PostScript; the article wrongly conflates PDF and PostScript as
the same. I believe the bug involves the 'grestore' command, which is a
PostScript operator.

The bug is 5 years old and has been fixed since version 9.25:-

https://ubuntu.com/security/CVE-2018-16802

Which also makes it clear that it is crafted PostScript which triggered the
bug.

Cheers

Deri