Описание
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 5 | ghostscript | Fixed | RHSA-2012:0095 | 02.02.2012 |
| Red Hat Enterprise Linux 6 | ghostscript | Fixed | RHSA-2012:0095 | 02.02.2012 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS2
Связанные уязвимости
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
Ghostscript 8.71 and earlier reads initialization files from the curre ...
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
EPSS
4.4 Medium
CVSS2