Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-4405
Last Modified: 12 Jan 2015 02:06:01
Published: 18 Sep 2012 01:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4405

Summary

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

Vulnerable Systems

Application

  • Argyllcms Cms -

  • Color Icclib -

  • Ghostscript 9.06


References

XF - icclib-pdf-bo(78411)

SECTRACK - 1027517

BID - 55494

MLIST - [oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write

MANDRIVA - MDVSA-2012:151

REDHAT - RHSA-2012:1256

UBUNTU - USN-1581-1

SUSE - openSUSE-SU-2012:1290

SUSE - openSUSE-SU-2012:1289

SUSE - SUSE-SU-2012:1222

SECUNIA - 50719

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301

MANDRIVA - MDVSA-2013:090

MANDRIVA - MDVSA-2013:089

GENTOO - GLSA-201412-17

Related Patches

Red Hat 2012:1256-01 RHSA Moderate: ghostscript security update for RHEL 5 x86

Novell SUSE 2012:6813 ghostscript-devel security update for SLE 11 SP2 i586

Novell SUSE 2012:6813 ghostscript-devel security update for SLE 11 SP2 x86_64

Novell SUSE 2012:8290 ghostscript-fonts-other security update for SLE 10 SP4 i586

Novell SUSE 2012:8290 ghostscript-fonts-other security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:47:16