Your submission was sent successfully! Close

CVE-2012-4405

Published: 18 September 2012

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

Priority

Medium

Status

Package Release Status
argyll
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needs-triage)
quantal Not vulnerable
(1.4.0-7ubuntu1)
raring Not vulnerable
(1.4.0-7ubuntu1)
saucy Not vulnerable
(1.4.0-7ubuntu1)
trusty Does not exist
(trusty was not-affected [1.4.0-7ubuntu1])
upstream
Released (1.4.0-7)
utopic Not vulnerable
(1.4.0-7ubuntu1)
vivid Not vulnerable
(1.4.0-7ubuntu1)
wily Not vulnerable
(1.4.0-7ubuntu1)
xenial Not vulnerable
(1.4.0-7ubuntu1)
yakkety Not vulnerable
(1.4.0-7ubuntu1)
zesty Not vulnerable
(1.4.0-7ubuntu1)
ghostscript
Launchpad, Ubuntu, Debian
hardy
Released (8.61.dfsg.1-1ubuntu3.5)
lucid
Released (8.71.dfsg.1-0ubuntu5.5)
natty Not vulnerable
(code not present)
oneiric Not vulnerable

precise Does not exist
(precise was not-affected [code not present])
quantal Not vulnerable
(code not present)
raring Not vulnerable
(code not present)
saucy Not vulnerable
(code not present)
trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

utopic Not vulnerable
(code not present)
vivid Not vulnerable
(code not present)
wily Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
yakkety Not vulnerable
(code not present)
zesty Not vulnerable
(code not present)
gs-afpl
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gs-esp
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gs-gpl
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist