CVE-2010-4820
Published: 27 October 2014
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
Notes
| Author | Note |
|---|---|
| mdeslaur | This is related to CVE-2010-2055 Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweighs the advantages. Marking as ignored for affected releases. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ghostscript Launchpad, Ubuntu, Debian |
hardy |
Ignored
|
| lucid |
Ignored
|
|
| maverick |
Ignored
|
|
| natty |
Not vulnerable
(9.01~dfsg-1ubuntu5)
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Released
(9.01~dfsg)
|
|
|
Patches: upstream: http://svn.ghostscript.com/viewvc?view=rev&revision=11494 |
||
|
gs-afpl Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gs-esp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
gs-gpl Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|