VYPR
Unrated severityNVD Advisory· Published Jan 9, 2001· Updated Jun 16, 2026

CVE-2000-1163

CVE-2000-1163

Description

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Affected products

6
  • cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:aladdin_enterprises:ghostscript:4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.10:*:*:*:*:*:*:*
    • cpe:2.3:a:aladdin_enterprises:ghostscript:5.10.15:*:*:*:*:*:*:*
    • cpe:2.3:a:aladdin_enterprises:ghostscript:5.10cl:*:*:*:*:*:*:*
    • cpe:2.3:a:aladdin_enterprises:ghostscript:5.50:*:*:*:*:*:*:*
    • (no CPE)range: <5.10-16

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.