CVE-2010-4820

EUVD-2010-4785
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
ghostscriptghostscript
8.62
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
bullseye
9.53.3~dfsg-7+deb11u7
fixed
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
lenny
no-dsa
sid
10.04.0~dfsg-1
fixed
trixie
10.04.0~dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
hardy
ignored
lucid
ignored
maverick
ignored
natty
not-affected
oneiric
not-affected
gs-afpl
hardy
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
gs-esp
hardy
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
gs-gpl
hardy
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://rhn.redhat.com/errata/RHSA-2012-0095.html
http://rhn.redhat.com/errata/RHSA-2012-0096.html
http://www.openwall.com/lists/oss-security/2012/01/04/7
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/bid/51847
https://bugzilla.redhat.com/show_bug.cgi?id=599564
https://bugzilla.redhat.com/show_bug.cgi?id=771853
http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://rhn.redhat.com/errata/RHSA-2012-0095.html
http://rhn.redhat.com/errata/RHSA-2012-0096.html
http://www.openwall.com/lists/oss-security/2012/01/04/7
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/bid/51847
https://bugzilla.redhat.com/show_bug.cgi?id=599564
https://bugzilla.redhat.com/show_bug.cgi?id=771853