CVE-2010-2055

Published: Jul 22, 2010Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

Affected (32)

Products: Artifex: Afpl Ghostscript, Ghostscript Fonts, Gpl Ghostscript

3 products

Afpl Ghostscript

Ghostscript Fonts

Gpl Ghostscript

Configuration A

32 vulnerable

Vulnerable Software	Affected Versions
Artifex Afpl Ghostscript	Version 6.01
Artifex Afpl Ghostscript	Version 6.0
Artifex Afpl Ghostscript	Version 6.50
Artifex Afpl Ghostscript	Version 7.00
Artifex Afpl Ghostscript	Version 7.03
Artifex Afpl Ghostscript	Version 7.04
Artifex Afpl Ghostscript	Version 8.00
Artifex Afpl Ghostscript	Version 8.11
Artifex Afpl Ghostscript	Version 8.12
Artifex Afpl Ghostscript	Version 8.13
Artifex Afpl Ghostscript	Version 8.14
Artifex Afpl Ghostscript	Version 8.50
Artifex Afpl Ghostscript	Version 8.51
Artifex Afpl Ghostscript	Version 8.52
Artifex Afpl Ghostscript	Version 8.53
Artifex Afpl Ghostscript	Version 8.54
Artifex Ghostscript Fonts	Version 6.0
Artifex Ghostscript Fonts	Version 8.11
Artifex Gpl Ghostscript	Up to 8.71
Artifex Gpl Ghostscript	Version 8.01
Artifex Gpl Ghostscript	Version 8.15
Artifex Gpl Ghostscript	Version 8.50
Artifex Gpl Ghostscript	Version 8.51
Artifex Gpl Ghostscript	Version 8.54
Artifex Gpl Ghostscript	Version 8.56
Artifex Gpl Ghostscript	Version 8.57
Artifex Gpl Ghostscript	Version 8.60
Artifex Gpl Ghostscript	Version 8.61
Artifex Gpl Ghostscript	Version 8.62
Artifex Gpl Ghostscript	Version 8.63
Artifex Gpl Ghostscript	Version 8.64
Artifex Gpl Ghostscript	Version 8.70

Related CWEs

References (42)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316

Source: secalert@redhat.com

http://bugs.ghostscript.com/show_bug.cgi?id=691339

Source: secalert@redhat.com

Exploit

http://bugs.ghostscript.com/show_bug.cgi?id=691350

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Source: secalert@redhat.com

http://savannah.gnu.org/forum/forum.php?forum_id=6368

Source: secalert@redhat.com

http://secunia.com/advisories/40452

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/40475

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/40532

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201412-17.xml

Source: secalert@redhat.com

http://www.osvdb.org/66247

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/511433

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/511472

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/archive/1/511474

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/archive/1/511476

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2010/1757

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=608071

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=599564

Source: secalert@redhat.com

Patch

https://rhn.redhat.com/errata/RHSA-2012-0095.html

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.ghostscript.com/show_bug.cgi?id=691339

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://bugs.ghostscript.com/show_bug.cgi?id=691350

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://savannah.gnu.org/forum/forum.php?forum_id=6368

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40452

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40475

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/40532

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201412-17.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/66247

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/511433

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/511472

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/511474

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/511476

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1757

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=608071

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=599564

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://rhn.redhat.com/errata/RHSA-2012-0095.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.