Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-4820

Published: 27 October 2014

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

Notes

AuthorNote
mdeslaur
This is related to CVE-2010-2055
Fixing this will change the default behaviour, and may introduce
regressions in software in the archive, and custom software.
Since this is primarily a user-assisted attack, the risks of
fixing this outweighs the advantages. Marking as ignored for
affected releases.

Priority

Medium

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
upstream
Released (9.01~dfsg)
hardy Ignored

lucid Ignored

maverick Ignored

natty Not vulnerable
(9.01~dfsg-1ubuntu5)
oneiric Not vulnerable

Patches:
upstream: http://svn.ghostscript.com/viewvc?view=rev&revision=11494
gs-gpl
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

gs-esp
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

gs-afpl
Launchpad, Ubuntu, Debian
upstream Needs triage

hardy Does not exist

lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist