CVE-2010-2055

First published: Wed May 26 2010(Updated: )

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Artifex Gpl Ghostscript	=8.01
Artifex Afpl Ghostscript	=7.00
Artifex Afpl Ghostscript	=8.54
Artifex Gpl Ghostscript	=8.54
Artifex Gpl Ghostscript	=8.15
Artifex Afpl Ghostscript	=7.04
Artifex Afpl Ghostscript	=7.03
Artifex Afpl Ghostscript	=8.13
Artifex Afpl Ghostscript	=8.50
Artifex Gpl Ghostscript	=8.56
Artifex Gpl Ghostscript	=8.62
Artifex Afpl Ghostscript	=8.52
Artifex Gpl Ghostscript	=8.57
Artifex Afpl Ghostscript	=8.14
Artifex Gpl Ghostscript	=8.51
Artifex Afpl Ghostscript	=8.00
Artifex Gpl Ghostscript	=8.61
Artifex Afpl Ghostscript	=8.53
Artifex Ghostscript Fonts	=6.0
Artifex Afpl Ghostscript	=6.0
Artifex Gpl Ghostscript	<=8.71
Artifex Gpl Ghostscript	=8.50
Artifex Gpl Ghostscript	=8.64
Artifex Afpl Ghostscript	=6.01
Artifex Gpl Ghostscript	=8.70
Artifex Gpl Ghostscript	=8.60
Artifex Afpl Ghostscript	=8.12
Artifex Afpl Ghostscript	=8.11
Artifex Gpl Ghostscript	=8.63
Artifex Afpl Ghostscript	=8.51
Artifex Ghostscript Fonts	=8.11
Artifex Afpl Ghostscript	=6.50
redhat/ghostscript	<0:8.70-6.el5_7.6	0:8.70-6.el5_7.6
redhat/ghostscript	<0:8.70-11.el6_2.6	0:8.70-11.el6_2.6

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=599564

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2012:0095

collector/nvd-historical
collector/redhat-cve
collector/redhat-bugzilla
alias/CVE-2010-2055
collector/nvd-index
agent/severity
agent/weakness
agent/author
agent/description
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/references
agent/tags
collector/mitre-cve
source/MITRE
vendor/artifex
canonical/artifex gpl ghostscript
version/artifex gpl ghostscript/8.01
canonical/artifex afpl ghostscript
version/artifex afpl ghostscript/7.00
version/artifex afpl ghostscript/8.54
version/artifex gpl ghostscript/8.54
version/artifex gpl ghostscript/8.15
version/artifex afpl ghostscript/7.04
version/artifex afpl ghostscript/7.03
version/artifex afpl ghostscript/8.13
version/artifex afpl ghostscript/8.50
version/artifex gpl ghostscript/8.56
version/artifex gpl ghostscript/8.62
version/artifex afpl ghostscript/8.52
version/artifex gpl ghostscript/8.57
version/artifex afpl ghostscript/8.14
version/artifex gpl ghostscript/8.51
version/artifex afpl ghostscript/8.00
version/artifex gpl ghostscript/8.61
version/artifex afpl ghostscript/8.53
canonical/artifex ghostscript fonts
version/artifex ghostscript fonts/6.0
version/artifex afpl ghostscript/6.0
version/artifex gpl ghostscript/8.71
version/artifex gpl ghostscript/8.50
version/artifex gpl ghostscript/8.64
version/artifex afpl ghostscript/6.01
version/artifex gpl ghostscript/8.70
version/artifex gpl ghostscript/8.60
version/artifex afpl ghostscript/8.12
version/artifex afpl ghostscript/8.11
version/artifex gpl ghostscript/8.63
version/artifex afpl ghostscript/8.51
version/artifex ghostscript fonts/8.11
version/artifex afpl ghostscript/6.50
package-manager/redhat

CVE-2010-2055

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact