Local Code Execution Vulnerability in Ghostscript by Artifex Software
CVE-2010-2055
Currently unrated
Key Information:
- Vendor
Artifex
- Vendor
- CVE Published:
- 22 July 2010
What is CVE-2010-2055?
Ghostscript versions 8.71 and earlier contain a vulnerability that allows local users to execute arbitrary PostScript commands through the manipulation of initialization files. This occurs because the software reads initialization files from the current working directory without proper validation, particularly in conjunction with the -P- option. This flaw can be exploited to run malicious PostScript commands using specially crafted files, posing a risk to system integrity and security.