Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | ghostscript | 2012-02-08 13:46 | ALAS-2012-42 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv2 | 4.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P |