CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
artifexafpl_ghostscript
6.0
artifexafpl_ghostscript
6.01
artifexafpl_ghostscript
6.50
artifexafpl_ghostscript
7.00
artifexafpl_ghostscript
7.03
artifexafpl_ghostscript
7.04
artifexafpl_ghostscript
8.00
artifexafpl_ghostscript
8.11
artifexafpl_ghostscript
8.12
artifexafpl_ghostscript
8.13
artifexafpl_ghostscript
8.14
artifexafpl_ghostscript
8.50
artifexafpl_ghostscript
8.51
artifexafpl_ghostscript
8.52
artifexafpl_ghostscript
8.53
artifexafpl_ghostscript
8.54
artifexghostscript_fonts
6.0
artifexghostscript_fonts
8.11
artifexgpl_ghostscript
𝑥
≤ 8.71
artifexgpl_ghostscript
8.01
artifexgpl_ghostscript
8.15
artifexgpl_ghostscript
8.50
artifexgpl_ghostscript
8.51
artifexgpl_ghostscript
8.54
artifexgpl_ghostscript
8.56
artifexgpl_ghostscript
8.57
artifexgpl_ghostscript
8.60
artifexgpl_ghostscript
8.61
artifexgpl_ghostscript
8.62
artifexgpl_ghostscript
8.63
artifexgpl_ghostscript
8.64
artifexgpl_ghostscript
8.70
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bullseye
9.53.3~dfsg-7+deb11u7
fixed
lenny
no-dsa
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
sid
10.04.0~dfsg-1
fixed
trixie
10.04.0~dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
natty
not-affected
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
dne
gs-afpl
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
hardy
dne
dapper
ignored
gs-esp
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
hardy
dne
dapper
ignored
gs-gpl
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
hardy
dne
dapper
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://bugs.ghostscript.com/show_bug.cgi?id=691350
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://savannah.gnu.org/forum/forum.php?forum_id=6368
http://secunia.com/advisories/40452
http://secunia.com/advisories/40475
http://secunia.com/advisories/40532
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://www.osvdb.org/66247
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/archive/1/511472
http://www.securityfocus.com/archive/1/511474
http://www.securityfocus.com/archive/1/511476
http://www.vupen.com/english/advisories/2010/1757
https://bugzilla.novell.com/show_bug.cgi?id=608071
https://bugzilla.redhat.com/show_bug.cgi?id=599564
https://rhn.redhat.com/errata/RHSA-2012-0095.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://bugs.ghostscript.com/show_bug.cgi?id=691350
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://savannah.gnu.org/forum/forum.php?forum_id=6368
http://secunia.com/advisories/40452
http://secunia.com/advisories/40475
http://secunia.com/advisories/40532
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://www.osvdb.org/66247
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/archive/1/511472
http://www.securityfocus.com/archive/1/511474
http://www.securityfocus.com/archive/1/511476
http://www.vupen.com/english/advisories/2010/1757
https://bugzilla.novell.com/show_bug.cgi?id=608071
https://bugzilla.redhat.com/show_bug.cgi?id=599564
https://rhn.redhat.com/errata/RHSA-2012-0095.html