Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Artifex Ghostscript搜索路径多个本地权限提升漏洞
Vulnerability Description
Ghostscript是用于显示PostScript文件或向非PostScript打印机打印这些文件的程序。 Ghostscript在启动时会执行所有匹配./Encoding/*的文件但没有验证敏感文件的所有权,这可能导致执行任意PostScript代码;此外即使设置了-P-选项,Ghostscript也会从当前目录读取gs_init.ps。
CVSS Information
N/A
Vulnerability Type
N/A