CVE-2010-2055

Related Files

Gentoo Linux Security Advisory 201412-17

Posted Dec 15, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405

SHA-256 | 03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3

Download | Favorite | View

Red Hat Security Advisory 2012-0095-01

Posted Feb 3, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0095-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used. If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code.

tags | advisory, overflow, arbitrary

systems | linux, redhat

advisories | CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820

SHA-256 | e6888517744a038247ddcec36a31a2483e8893d5f08cc6726fef676d829fd42b

Download | Favorite | View