
CVE-2010-4820

Published: 27 October 2014

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse PostScript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

Priority

Medium

Status

Package, Release, Status

ghostscript (Launchpad, Ubuntu, Debian)
Upstream: Released (9.01~dfsg)
Patches:
Upstream: http://svn.ghostscript.com/viewvc?view=rev&revision=11494

gs-afpl (Launchpad, Ubuntu, Debian)
Upstream: Needs triage

gs-esp (Launchpad, Ubuntu, Debian)
Upstream: Needs triage

gs-gpl (Launchpad, Ubuntu, Debian)
Upstream: Needs triage

Notes

Author: mdeslaur
Note:
This is related to CVE-2010-2055.
Fixing this will change the default behaviour, and may introduce
regressions in software in the archive, and custom software.
Since this is primarily a user-assisted attack, the risks of
fixing this outweigh the advantages. Marking as ignored for
affected releases.
