CVE-2010-2055

Published: 22/07/2010 Updated: 09/01/2015
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Ghostscript 8.71 and previous versions read initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

Vulnerable Product

artifex afpl ghostscript 7.03

artifex afpl ghostscript 7.00

artifex afpl ghostscript 6.50

artifex afpl ghostscript 6.01

artifex gpl ghostscript 8.01

artifex ghostscript fonts 6.0

artifex gpl ghostscript 8.62

artifex gpl ghostscript 8.63

artifex afpl ghostscript 8.14

artifex afpl ghostscript 8.13

artifex afpl ghostscript 8.12

artifex afpl ghostscript 8.11

artifex gpl ghostscript 8.51

artifex gpl ghostscript 8.54

artifex afpl ghostscript 8.53

artifex afpl ghostscript 8.54

artifex gpl ghostscript

artifex afpl ghostscript 7.04

artifex afpl ghostscript 6.0

artifex afpl ghostscript 8.52

artifex afpl ghostscript 8.50

artifex afpl ghostscript 8.00

artifex gpl ghostscript 8.50

artifex gpl ghostscript 8.61

artifex gpl ghostscript 8.57

artifex gpl ghostscript 8.64

artifex afpl ghostscript 8.51

artifex gpl ghostscript 8.15

artifex ghostscript fonts 8.11

artifex gpl ghostscript 8.60

artifex gpl ghostscript 8.56

artifex gpl ghostscript 8.70

Vendor Advisories

Synopsis: Moderate: ghostscript security update. Type/Severity: Security Advisory: Moderate. Topic: Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Comm ...
Debian Bug report logs - #584653: ghostscript: does not honor -P- option. Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript. Reported by: "Bernhard R Link" <brlink@debian.org>. Date: Sat, 5 Jun 201 ...
An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code (CVE-2009-3743). It was found that Ghostscript always tried to read Ghostscript system initialization ...