7.2

CVE-2010-2055

Exploit
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArtifexAfpl Ghostscript Version6.0
ArtifexAfpl Ghostscript Version6.01
ArtifexAfpl Ghostscript Version6.50
ArtifexAfpl Ghostscript Version7.00
ArtifexAfpl Ghostscript Version7.03
ArtifexAfpl Ghostscript Version7.04
ArtifexAfpl Ghostscript Version8.00
ArtifexAfpl Ghostscript Version8.11
ArtifexAfpl Ghostscript Version8.12
ArtifexAfpl Ghostscript Version8.13
ArtifexAfpl Ghostscript Version8.14
ArtifexAfpl Ghostscript Version8.50
ArtifexAfpl Ghostscript Version8.51
ArtifexAfpl Ghostscript Version8.52
ArtifexAfpl Ghostscript Version8.53
ArtifexAfpl Ghostscript Version8.54
ArtifexGhostscript Fonts Version6.0
ArtifexGhostscript Fonts Version8.11
ArtifexGpl Ghostscript Version <= 8.71
ArtifexGpl Ghostscript Version8.01
ArtifexGpl Ghostscript Version8.15
ArtifexGpl Ghostscript Version8.50
ArtifexGpl Ghostscript Version8.51
ArtifexGpl Ghostscript Version8.54
ArtifexGpl Ghostscript Version8.56
ArtifexGpl Ghostscript Version8.57
ArtifexGpl Ghostscript Version8.60
ArtifexGpl Ghostscript Version8.61
ArtifexGpl Ghostscript Version8.62
ArtifexGpl Ghostscript Version8.63
ArtifexGpl Ghostscript Version8.64
ArtifexGpl Ghostscript Version8.70
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.39
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
http://bugs.ghostscript.com/show_bug.cgi?id=691339
Exploit
http://bugs.ghostscript.com/show_bug.cgi?id=691350
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
http://savannah.gnu.org/forum/forum.php?forum_id=6368
http://secunia.com/advisories/40452
Vendor Advisory
http://secunia.com/advisories/40475
Vendor Advisory
http://secunia.com/advisories/40532
Vendor Advisory
http://www.osvdb.org/66247
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/archive/1/511472
Exploit
http://www.securityfocus.com/archive/1/511474
Exploit
http://www.securityfocus.com/archive/1/511476
http://www.vupen.com/english/advisories/2010/1757
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=608071
https://bugzilla.redhat.com/show_bug.cgi?id=599564
Patch
https://rhn.redhat.com/errata/RHSA-2012-0095.html