CVE-2012-4405

Priority
Medium
Description
Multiple integer underflows in the icmLut_allocate function in the
International Color Consortium (ICC) Format library (icclib), as used in
Ghostscript 9.06 and Argyll Color Management System, allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted (1) PostScript or (2) PDF file with embedded images, which
triggers a heap-based buffer overflow. NOTE: this issue is also described
as an array index error.
References
Bugs
Notes
 mdeslaur> icclib isn't built in oneiric.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 15.04 (Vivid Vervet):not-affected (code not present)
Ubuntu 15.10 (Wily Werewolf):not-affected (code not present)
Patches:
Redhat:https://bugzilla.redhat.com/attachment.cgi?id=609986
Package
Upstream:released (1.4.0-7)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.4.0-7ubuntu1)
Ubuntu 15.04 (Vivid Vervet):not-affected (1.4.0-7ubuntu1)
Ubuntu 15.10 (Wily Werewolf):not-affected (1.4.0-7ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu 15.10 (Wily Werewolf):DNE

Updated: 2015-07-29 20:18:16 UTC (commit 9756)