CVE-2010-4054

Related Files

Gentoo Linux Security Advisory 201412-17

Posted Dec 15, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405

SHA-256 | 03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3

Download | Favorite | View

Red Hat Security Advisory 2012-0096-01

Posted Feb 3, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0096-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default.

tags | advisory, arbitrary

systems | linux, redhat

advisories | CVE-2010-4054, CVE-2010-4820

SHA-256 | 4d7ec0be3c4cdaaf6b1f677637efef43125f8c79e9156cb4c4c7e1a319176841

Download | Favorite | View

Red Hat Security Advisory 2012-0095-01

Posted Feb 3, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0095-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used. If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code.

tags | advisory, overflow, arbitrary

systems | linux, redhat

advisories | CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820

SHA-256 | e6888517744a038247ddcec36a31a2483e8893d5f08cc6726fef676d829fd42b

Download | Favorite | View

Ubuntu Security Notice USN-1317-1

Posted Jan 4, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1317-1 - It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2008-3520, CVE-2008-3522, CVE-2009-3743, CVE-2010-4054, CVE-2011-4516, CVE-2011-4517

SHA-256 | 1fcf7293472e791a0923b72c104ac27add330ec563ccfa26ed3174c631ebbd57

Download | Favorite | View