what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2012-4405

Status Candidate

Overview

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

Related Files

Gentoo Linux Security Advisory 201412-17
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405
SHA-256 | 03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3
Gentoo Linux Security Advisory 201402-29
Posted Feb 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-29 - Multiple integer overflow vulnerabilities have been found in ArgyllCMS which could allow attackers to execute arbitrary code. Versions less than 1.4.0-r1 are affected.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4405
SHA-256 | 37a8916db618424d7c7343c9421fc0602f1ab10167ee28779fca4bc44477e95f
Mandriva Linux Security Advisory 2013-090
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-090 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 52b38a58d8663a77ed183b461180c1ba5f7327f1147c9fc9ad9385aff5163ee1
Mandriva Linux Security Advisory 2013-089
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-089 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | d8a45b54c37f2206c92a6365555941b6c0d4767b9db2b8a89a9e0c163126018c
Debian Security Advisory 2595-1
Posted Dec 31, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2595-1 - Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-4405
SHA-256 | 0a1fc6a70cb480d30676a2fa913e6565780e8080f258871de2065018975eedf6
Mandriva Linux Security Advisory 2012-151-1
Posted Oct 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-151 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 32f652449710b63d0996de9156bb7e612a4d76530c83ee10539186a5fed9ccf9
Ubuntu Security Notice USN-1581-1
Posted Sep 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1581-1 - Marc Schoenefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4405
SHA-256 | d5eacb0d32baee360aec3c051f7d8a7118fd986a6a0564585fe5ce956532c53f
Mandriva Linux Security Advisory 2012-151
Posted Sep 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-151 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library. An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 70c5fae7e0391b3aaf268d0de91e900e1c1d2018305363487c1a7a113ba9251b
Red Hat Security Advisory 2012-1256-01
Posted Sep 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1256-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library. An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4405
SHA-256 | e992fb046a4ff2889ed6c6092055f9db6deaf8f238ece7cd352e50ae3b1a0446
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close