Guenter Milde wrote:
> > Q1: Can postscript (PS) code be embedded in a LyX document in such a way
> > such that it's parsed when doing a preview, or exporting a document?
> Not usually. 

If you export to pdf then you need to convert each eps to pdf first and there
it gets parsed. For viewing you obviously need to parse it as well.

> > Q4: Is PS code able to do system calls when called/parsed in some indirect
> > manner by LyX?

This is not really question of LyX but of the underlying libraries. LyX stands
on chain of converters for gazillion of formats and any vulnerability of the
underlying convertor becomes vulnerability of LyX. 
You have whole line of vulnerabilities in imagemagick and the same applies for
ghostcript (postscript conversion), so if you don't regularly update those libs,
you are vulnerable.
If you want to be super paranoid here than the bad news is that if someone has
enough motivation (money) to sponsor its own hackers or access zero-day exploits
on the black market you have no chance.

> Microsoft decided to end support for EPS images in MS Office.
> It may be interesting to find more about the background for this decision...

Bunch of attacks on their eps interprester, last ones being CVE-2017-0261,


Reply via email to