Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-07-21 22:43
Updated : 2015-01-09 15:44
NVD link : CVE-2010-2055
Mitre link : CVE-2010-2055
JSON object : View
CWE
CWE-17
DEPRECATED: Code
Products Affected
artifex
- afpl_ghostscript
- ghostscript_fonts
- gpl_ghostscript