Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2012-1616
Last Modified 13 Aug 2012 11:36:06
Published 21 Jun 2012 11:55:12
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1616

Summary

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.

Vulnerable Systems

Application

  • Argyllcms 0.1.0

  • Argyllcms 0.2.0

  • Argyllcms 0.2.1

  • Argyllcms 0.2.2

  • Argyllcms 0.3.0

  • Argyllcms 0.6.0

  • Argyllcms 0.7.0

  • Argyllcms 1.0.0

  • Argyllcms 1.0.2

  • Argyllcms 1.0.3

  • Argyllcms 1.0.4

  • Argyllcms 1.1.0

  • Argyllcms 1.1.1

  • Argyllcms 1.2.0

  • Argyllcms 1.3.0

  • Argyllcms 1.3.1

  • Argyllcms 1.3.2

  • Argyllcms 1.3.3

  • Argyllcms 1.3.4

  • Argyllcms 1.3.5

  • Argyllcms 1.3.6

  • Argyllcms 1.3.7

  • Color Icclib 1.23

  • Color Icclib 2.00

  • Color Icclib 2.02

  • Color Icclib 2.03

  • Color Icclib 2.11


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=809697

XF - argyll-icc-code-execution(75162)

BID - 53240

OSVDB - 81617

MISC - http://www.argyllcms.com/icc_readme.html

GENTOO - GLSA-201206-04

SECUNIA - 49602

SECUNIA - 48921

FEDORA - FEDORA-2012-6529


Last Updated: 27 May 2016 10:56:34