CVE-2012-4405

Priority
Medium
Description
Multiple integer underflows in the icmLut_allocate function in
International Color Consortium (ICC) Format library (icclib), as used in
Ghostscript 9.06 and Argyll Color Management System, allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted (1) PostScript or (2) PDF file with embedded images, which
triggers a heap-based buffer overflow. NOTE: this issue is also described
as an array index error.
References
Bugs
Notes
mdeslaur> icclib isn't built in oneiric.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (8.71.dfsg.1-0ubuntu5.5)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (code not present)
Ubuntu 14.10 (Utopic Unicorn):not-affected (code not present)
Patches:
Redhat:https://bugzilla.redhat.com/attachment.cgi?id=609986
Package
Upstream:released (1.4.0-7)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.4.0-7ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1.4.0-7ubuntu1)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
More Information

Updated: 2014-10-23 21:16:19 UTC (commit 8644)