CVE-2010-4820

Publication date 27 October 2014

Last updated 24 July 2024

Ubuntu priority

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
ghostscript	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Ignored
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored
gs-afpl	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
gs-esp	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release
gs-gpl	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Notes

mdeslaur

This is related to CVE-2010-2055 Fixing this will change the default behaviour, and may introduce regressions in software in the archive, and custom software. Since this is primarily a user-assisted attack, the risks of fixing this outweighs the advantages. Marking as ignored for affected releases.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ghostscript	Upstream: http://svn.ghostscript.com/viewvc?view=rev&revision=11494

References

Other references

https://www.cve.org/CVERecord?id=CVE-2010-4820