CVE-2010-4820: Code Injection
Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820)
Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first).
Other sources
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
— MITRE
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2010-4820?
CVE-2010-4820 has been classified as a medium severity vulnerability due to the potential for arbitrary code execution.
How do I fix CVE-2010-4820?
To fix CVE-2010-4820, it is recommended to run Ghostscript with the "-P-" option or update to a patched version of Ghostscript.
What versions of Ghostscript are affected by CVE-2010-4820?
CVE-2010-4820 affects Ghostscript version 8.62.
What kind of attack can be executed via CVE-2010-4820?
CVE-2010-4820 allows an attacker to execute arbitrary PostScript code by placing a specially-crafted library file in a controlled directory.
Can I safely run Ghostscript with the default settings regarding CVE-2010-4820?
Running Ghostscript with default settings is unsafe if the current working directory is controlled by an attacker, due to CVE-2010-4820.