CVE-2010-4820

Publication date 27 October 2014

Last updated 24 July 2024


Ubuntu priority

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

Read the notes from the security team

Status

Package Ubuntu Release Status
ghostscript 11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored
10.04 LTS lucid Ignored
8.04 LTS hardy Ignored
gs-afpl 11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
gs-esp 11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release
gs-gpl 11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Notes


mdeslaur

This is related to CVE-2010-2055 Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweighs the advantages. Marking as ignored for affected releases.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
ghostscript