PT-2010-3674 · Artifex+2 · Ghostscript+2

Published

2010-07-22

Updated

2015-01-09

CVE-2010-2055

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ghostscript versions 8.71 and earlier

Description The issue allows local users to execute arbitrary PostScript commands via a Trojan horse file due to improper support for the -P- option to the gs program. This can be demonstrated using gs init.ps.

Recommendations For Ghostscript versions 8.71 and earlier, consider updating to a version that fixes this issue, as the current version allows for the execution of arbitrary PostScript commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

CESA-2012_0095

CVE-2010-2055

RHSA-2012:0095

RHSA-2012_0095

Affected Products

Centos

Ghostscript

Red Hat

PT-2010-3674 · Artifex+2 · Ghostscript+2

CVE-2010-2055

Weakness Enumeration

Related Identifiers

Affected Products

References · 39