4.4

CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GhostscriptGhostscript Version8.62
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.47% 0.37
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://www.securityfocus.com/archive/1/511433
https://bugzilla.redhat.com/show_bug.cgi?id=599564
http://rhn.redhat.com/errata/RHSA-2012-0096.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0095.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/01/04/7
http://www.securityfocus.com/bid/51847
https://bugzilla.redhat.com/show_bug.cgi?id=771853