Unrated severityNVD Advisory· Published Oct 10, 2012· Updated Apr 29, 2026
CVE-2009-5067
CVE-2009-5067
Description
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.
Affected products
5cpe:2.3:a:html2ps_project:html2ps:1.0:b1:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:html2ps_project:html2ps:1.0:b1:*:*:*:*:*:*
- cpe:2.3:a:html2ps_project:html2ps:1.0:b2:*:*:*:*:*:*
- cpe:2.3:a:html2ps_project:html2ps:1.0:b3:*:*:*:*:*:*
- cpe:2.3:a:html2ps_project:html2ps:1.0:b4:*:*:*:*:*:*
- cpe:2.3:a:html2ps_project:html2ps:*:b5:*:*:*:*:*:*range: <=1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- user.it.uu.se/~jan/html2ps-1.0b7.tar.gznvdPatch
- packetstormsecurity.org/files/81614/html2ps-1.0-beta5-File-Disclosure.htmlnvdExploit
- bugs.debian.org/cgi-bin/bugreport.cginvd
- www.mandriva.com/security/advisoriesnvd
- www.openwall.com/lists/oss-security/2012/10/05/1nvd
- www.openwall.com/lists/oss-security/2012/10/05/5nvd
- www.securityfocus.com/bid/36524nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.