Unrated severityNVD Advisory· Published Jul 22, 2010· Updated Apr 29, 2026
CVE-2010-2055
CVE-2010-2055
Description
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
Affected products
32cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*
cpe:2.3:a:artifex:ghostscript_fonts:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:artifex:ghostscript_fonts:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:ghostscript_fonts:8.11:*:*:*:*:*:*:*
cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*range: <=8.71
- cpe:2.3:a:artifex:gpl_ghostscript:8.01:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.15:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.50:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.51:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.54:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.60:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.61:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.62:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.63:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.64:*:*:*:*:*:*:*
- cpe:2.3:a:artifex:gpl_ghostscript:8.70:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- bugzilla.redhat.com/show_bug.cginvdPatch
- bugs.ghostscript.com/show_bug.cginvdExploit
- www.securityfocus.com/archive/1/511472nvdExploit
- www.securityfocus.com/archive/1/511474nvdExploit
- secunia.com/advisories/40452nvdVendor Advisory
- secunia.com/advisories/40475nvdVendor Advisory
- secunia.com/advisories/40532nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1757nvdVendor Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvd
- bugs.debian.org/cgi-bin/bugreport.cginvd
- bugs.ghostscript.com/show_bug.cginvd
- lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlnvd
- security.gentoo.org/glsa/glsa-201412-17.xmlnvd
- www.osvdb.org/66247nvd
- www.securityfocus.com/archive/1/511433nvd
- www.securityfocus.com/archive/1/511476nvd
- bugzilla.novell.com/show_bug.cginvd
- rhn.redhat.com/errata/RHSA-2012-0095.htmlnvd
News mentions
0No linked articles in our index yet.