CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

Published: Jul 22, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2055
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-17

Affected Software
References

Software	From	Fixed in
artifex / gpl_ghostscript	8.01	8.01.x
artifex / afpl_ghostscript	7.00	7.00.x
artifex / afpl_ghostscript	8.54	8.54.x
artifex / gpl_ghostscript	8.54	8.54.x
artifex / gpl_ghostscript	8.15	8.15.x
artifex / afpl_ghostscript	7.04	7.04.x
artifex / afpl_ghostscript	7.03	7.03.x
artifex / afpl_ghostscript	8.13	8.13.x
artifex / afpl_ghostscript	8.50	8.50.x
artifex / gpl_ghostscript	8.56	8.56.x
artifex / gpl_ghostscript	8.62	8.62.x
artifex / afpl_ghostscript	8.52	8.52.x
artifex / gpl_ghostscript	8.57	8.57.x
artifex / afpl_ghostscript	8.14	8.14.x
artifex / gpl_ghostscript	8.51	8.51.x
artifex / afpl_ghostscript	8.00	8.00.x
artifex / gpl_ghostscript	8.61	8.61.x
artifex / afpl_ghostscript	8.53	8.53.x
artifex / ghostscript_fonts	6.0	6.0.x
artifex / afpl_ghostscript	6.0	6.0.x
artifex / gpl_ghostscript	-	8.71.x
artifex / gpl_ghostscript	8.50	8.50.x
artifex / gpl_ghostscript	8.64	8.64.x
artifex / afpl_ghostscript	6.01	6.01.x
artifex / gpl_ghostscript	8.70	8.70.x
artifex / gpl_ghostscript	8.60	8.60.x
artifex / afpl_ghostscript	8.12	8.12.x
artifex / afpl_ghostscript	8.11	8.11.x
artifex / gpl_ghostscript	8.63	8.63.x
artifex / afpl_ghostscript	8.51	8.51.x
artifex / ghostscript_fonts	8.11	8.11.x
artifex / afpl_ghostscript	6.50	6.50.x

Vulnerability Database

289,782

CVE-2010-2055