Lucene search

[email protected]CVE-2010-4820

HistoryOct 27, 2014 - 1:55 a.m.

CVE-2010-4820

2014-10-2701:55:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-4820

ghostscript

vulnerability

local users

postscript

trojan horse

nvd

6.5 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

CPENameOperatorVersion
ghostscript:ghostscriptghostscripteq8.62

CPE	Name	Operator	Version
ghostscript:ghostscript	ghostscript	eq	8.62

References

bugs.ghostscript.com/show_bug.cgi?id=691339

rhn.redhat.com/errata/RHSA-2012-0095.html

rhn.redhat.com/errata/RHSA-2012-0096.html

www.openwall.com/lists/oss-security/2012/01/04/7

www.securityfocus.com/archive/1/511433

www.securityfocus.com/bid/51847

bugzilla.redhat.com/show_bug.cgi?id=599564

bugzilla.redhat.com/show_bug.cgi?id=771853

6.5 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2010-4820

debiancve2 prion2 cvelist2 cve1 ubuntucve2 oraclelinux2 veracode2 nessus20 openvas25 redhat2 amazon1 centos2 fedora5 gentoo1