Local Code Execution Vulnerability in Ghostscript by Artifex Software
CVE-2010-2055

Currently unrated

What is CVE-2010-2055?

Ghostscript versions 8.71 and earlier contain a vulnerability that allows local users to execute arbitrary PostScript commands through the manipulation of initialization files. This occurs because the software reads initialization files from the current working directory without proper validation, particularly in conjunction with the -P- option. This flaw can be exploited to run malicious PostScript commands using specially crafted files, posing a risk to system integrity and security.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.