CVE-2012-4405
Priority
Medium
Description
Multiple integer underflows in the icmLut_allocate function in
International Color Consortium (ICC) Format library (icclib), as used in
Ghostscript 9.06 and Argyll Color Management System, allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted (1) PostScript or (2) PDF file with embedded images, which
triggers a heap-based buffer overflow. NOTE: this issue is also described
as an array index error.
International Color Consortium (ICC) Format library (icclib), as used in
Ghostscript 9.06 and Argyll Color Management System, allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted (1) PostScript or (2) PDF file with embedded images, which
triggers a heap-based buffer overflow. NOTE: this issue is also described
as an array index error.
References
Bugs
Notes
mdeslaur> icclib isn't built in oneiric.
Assigned-to
mdeslaur
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | released (8.61.dfsg.1-1ubuntu3.5) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (8.71.dfsg.1-0ubuntu5.5) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (code not present) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (code not present) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (code not present) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (code not present) |
Patches:
| Redhat: | https://bugzilla.redhat.com/attachment.cgi?id=609986 |
Package
| Upstream: | released (1.4.0-7) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needs-triage |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (1.4.0-7ubuntu1) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (1.4.0-7ubuntu1) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (1.4.0-7ubuntu1) |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |
| Ubuntu 13.10 (Saucy Salamander): | DNE |