Local Code Execution Vulnerability in Ghostscript by Artifex Software
CVE-2010-2055

Currently unrated

Key Information:

Vendor: Artifex
Status: Gpl Ghostscript; Afpl Ghostscript; Ghostscript Fonts
Vendor: CVE Published:; 22 July 2010

What is CVE-2010-2055?

Ghostscript versions 8.71 and earlier contain a vulnerability that allows local users to execute arbitrary PostScript commands through the manipulation of initialization files. This occurs because the software reads initialization files from the current working directory without proper validation, particularly in conjunction with the -P- option. This flaw can be exploited to run malicious PostScript commands using specially crafted files, posing a risk to system integrity and security.

References

http://www.osvdb.org/66247

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/40532

third-party-advisoryx_refsource_SECUNIA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2010
Vulnerability Reserved
May 25, 2010