CVE-2010-2055

Exp

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

Published: 2010-07-22 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-2055 is rated Exploit Available (57.9/100): CVSS High severity, with low exploitation likelihood (EPSS 0.51%). 3 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2010-2055

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2010-2055

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.06% 0.51% +0.45%
2 2025-03-17 0.04% 0.06% +0.02%
3 2023-03-07 0.04%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-2055

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.2 2.0 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 3.9 10.0 [email protected]

Weakness enumeration for CVE-2010-2055

OS Trackers for CVE-2010-2055

vendor priority summary link
debian not yet assigned CVE-2010-2055 not yet assigned priority: Debian including 1 source packages (ghostscript), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2010-2055
gentoo normal CVE-2010-2055: 1 GLSA(s) (201412-17), 1 atom(s) (app-text/ghostscript-gpl); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-2055
redhat medium https://access.redhat.com/security/cve/CVE-2010-2055
ubuntu medium CVE-2010-2055 medium priority: Ubuntu including 4 source packages (ghostscript, gs-afpl, gs-esp, gs-gpl), 32 status rows across 8 suites (dapper, hardy, jaunty, karmic, lucid, maverick, natty, upstream): DNE 19, ignored 8, needs-triage 3, not-affected 1, released 1. https://ubuntu.com/security/CVE-2010-2055

Affected software / configurations for CVE-2010-2055

Vendor Product Version Raw CPE
artifex afpl_ghostscript 6.0 cpe:2.3:a:artifex:afpl_ghostscript:6.0:*:*:*:*:*:*:*
artifex afpl_ghostscript 6.01 cpe:2.3:a:artifex:afpl_ghostscript:6.01:*:*:*:*:*:*:*
artifex afpl_ghostscript 6.50 cpe:2.3:a:artifex:afpl_ghostscript:6.50:*:*:*:*:*:*:*
artifex afpl_ghostscript 7.00 cpe:2.3:a:artifex:afpl_ghostscript:7.00:*:*:*:*:*:*:*
artifex afpl_ghostscript 7.03 cpe:2.3:a:artifex:afpl_ghostscript:7.03:*:*:*:*:*:*:*
artifex afpl_ghostscript 7.04 cpe:2.3:a:artifex:afpl_ghostscript:7.04:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.00 cpe:2.3:a:artifex:afpl_ghostscript:8.00:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.11 cpe:2.3:a:artifex:afpl_ghostscript:8.11:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.12 cpe:2.3:a:artifex:afpl_ghostscript:8.12:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.13 cpe:2.3:a:artifex:afpl_ghostscript:8.13:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.14 cpe:2.3:a:artifex:afpl_ghostscript:8.14:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.50 cpe:2.3:a:artifex:afpl_ghostscript:8.50:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.51 cpe:2.3:a:artifex:afpl_ghostscript:8.51:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.52 cpe:2.3:a:artifex:afpl_ghostscript:8.52:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.53 cpe:2.3:a:artifex:afpl_ghostscript:8.53:*:*:*:*:*:*:*
artifex afpl_ghostscript 8.54 cpe:2.3:a:artifex:afpl_ghostscript:8.54:*:*:*:*:*:*:*
artifex ghostscript_fonts 6.0 cpe:2.3:a:artifex:ghostscript_fonts:6.0:*:*:*:*:*:*:*
artifex ghostscript_fonts 8.11 cpe:2.3:a:artifex:ghostscript_fonts:8.11:*:*:*:*:*:*:*
artifex gpl_ghostscript <= 8.71 cpe:2.3:a:artifex:gpl_ghostscript:*:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.01 cpe:2.3:a:artifex:gpl_ghostscript:8.01:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.15 cpe:2.3:a:artifex:gpl_ghostscript:8.15:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.50 cpe:2.3:a:artifex:gpl_ghostscript:8.50:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.51 cpe:2.3:a:artifex:gpl_ghostscript:8.51:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.54 cpe:2.3:a:artifex:gpl_ghostscript:8.54:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.56 cpe:2.3:a:artifex:gpl_ghostscript:8.56:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.57 cpe:2.3:a:artifex:gpl_ghostscript:8.57:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.60 cpe:2.3:a:artifex:gpl_ghostscript:8.60:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.61 cpe:2.3:a:artifex:gpl_ghostscript:8.61:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.62 cpe:2.3:a:artifex:gpl_ghostscript:8.62:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.63 cpe:2.3:a:artifex:gpl_ghostscript:8.63:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.64 cpe:2.3:a:artifex:gpl_ghostscript:8.64:*:*:*:*:*:*:*
artifex gpl_ghostscript 8.70 cpe:2.3:a:artifex:gpl_ghostscript:8.70:*:*:*:*:*:*:*

References for CVE-2010-2055

URL Tags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
http://bugs.ghostscript.com/show_bug.cgi?id=691339 Exploit
http://bugs.ghostscript.com/show_bug.cgi?id=691350
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://savannah.gnu.org/forum/forum.php?forum_id=6368
http://secunia.com/advisories/40452 Vendor Advisory
http://secunia.com/advisories/40475 Vendor Advisory
http://secunia.com/advisories/40532 Vendor Advisory
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://www.osvdb.org/66247
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/archive/1/511472 Exploit
http://www.securityfocus.com/archive/1/511474 Exploit
http://www.securityfocus.com/archive/1/511476
http://www.vupen.com/english/advisories/2010/1757 Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=608071
https://bugzilla.redhat.com/show_bug.cgi?id=599564 Patch
https://rhn.redhat.com/errata/RHSA-2012-0095.html
cvelogic Threat Intelligence