CVE-2010-4820
Published: 27 October 2014
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
Notes
Author | Note |
---|---|
mdeslaur | This is related to CVE-2010-2055 Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweighs the advantages. Marking as ignored for affected releases. |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian |
hardy |
Ignored
|
lucid |
Ignored
|
|
maverick |
Ignored
|
|
natty |
Not vulnerable
(9.01~dfsg-1ubuntu5)
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(9.01~dfsg)
|
|
Patches: upstream: http://svn.ghostscript.com/viewvc?view=rev&revision=11494 |
||
gs-afpl Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
gs-esp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
gs-gpl Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|