what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2012-4405

Status Candidate

Overview

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

Related Files

Gentoo Linux Security Advisory 201412-17
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405
SHA-256 | 03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3
Gentoo Linux Security Advisory 201402-29
Posted Feb 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-29 - Multiple integer overflow vulnerabilities have been found in ArgyllCMS which could allow attackers to execute arbitrary code. Versions less than 1.4.0-r1 are affected.

tags | advisory, overflow, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-4405
SHA-256 | 37a8916db618424d7c7343c9421fc0602f1ab10167ee28779fca4bc44477e95f
Mandriva Linux Security Advisory 2013-090
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-090 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 52b38a58d8663a77ed183b461180c1ba5f7327f1147c9fc9ad9385aff5163ee1
Mandriva Linux Security Advisory 2013-089
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-089 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | d8a45b54c37f2206c92a6365555941b6c0d4767b9db2b8a89a9e0c163126018c
Debian Security Advisory 2595-1
Posted Dec 31, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2595-1 - Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2012-4405
SHA-256 | 0a1fc6a70cb480d30676a2fa913e6565780e8080f258871de2065018975eedf6
Mandriva Linux Security Advisory 2012-151-1
Posted Oct 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-151 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 32f652449710b63d0996de9156bb7e612a4d76530c83ee10539186a5fed9ccf9
Ubuntu Security Notice USN-1581-1
Posted Sep 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1581-1 - Marc Schoenefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4405
SHA-256 | d5eacb0d32baee360aec3c051f7d8a7118fd986a6a0564585fe5ce956532c53f
Mandriva Linux Security Advisory 2012-151
Posted Sep 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-151 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library. An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-4405
SHA-256 | 70c5fae7e0391b3aaf268d0de91e900e1c1d2018305363487c1a7a113ba9251b
Red Hat Security Advisory 2012-1256-01
Posted Sep 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1256-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library. An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4405
SHA-256 | e992fb046a4ff2889ed6c6092055f9db6deaf8f238ece7cd352e50ae3b1a0446
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    12 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close