CVE-2010-4820

Published: 27 October 2014

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse PostScript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

Notes

Author: mdeslaur
Note: This is related to CVE-2010-2055. Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweigh the advantages. Marking as ignored for affected releases.

Priority

Medium

Status

Package      Release   Status
ghostscript  hardy     Ignored
             lucid     Ignored
             maverick  Ignored
             natty     Not vulnerable (9.01~dfsg-1ubuntu5)
             oneiric   Not vulnerable
             precise   Not vulnerable
             upstream  Released (9.01~dfsg)
Patches:
upstream: http://svn.ghostscript.com/viewvc?view=rev&revision=11494

gs-afpl      hardy     Does not exist
             lucid     Does not exist
             maverick  Does not exist
             natty     Does not exist
             oneiric   Does not exist
             precise   Does not exist
             upstream  Needs triage

gs-esp       hardy     Does not exist
             lucid     Does not exist
             maverick  Does not exist
             natty     Does not exist
             oneiric   Does not exist
             precise   Does not exist
             upstream  Needs triage

gs-gpl       hardy     Does not exist
             lucid     Does not exist
             maverick  Does not exist
             natty     Does not exist
             oneiric   Does not exist
             precise   Does not exist
             upstream  Needs triage