ID CVE-2012-4405
Summary Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
References
Vulnerable Configurations
  • cpe:2.3:a:ghostscript:ghostscript:9.06
  • cpe:2.3:a:argyllcms:cms
  • cpe:2.3:a:color:icclib
CVSS
Base: 6.8 (as of 09-01-2015 - 13:28)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-17 (GPL Ghostscript: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could entice a user to open a specially crafted PostScript file or PDF using GPL Ghostscript, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79970
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79970
    title GLSA-201412-17 : GPL Ghostscript: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201402-29.NASL
    description The remote host is affected by the vulnerability described in GLSA-201402-29 (ArgyllCMS: User-assisted execution of arbitrary code) Multiple integer overflow vulnerabilities have been discovered in the ICC Format Library in ArgyllCMS. Impact : A remote attacker could entice a user to open a specially crafted image file using ArgyllCMS, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 72756
    published 2014-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72756
    title GLSA-201402-29 : ArgyllCMS: User-assisted execution of arbitrary code
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-668.NASL
    description The following security issue was fixed in ghostscript : Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74770
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74770
    title openSUSE Security Update : ghostscript (openSUSE-SU-2012:1289-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-127.NASL
    description An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69617
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69617
    title Amazon Linux AMI : ghostscript (ALAS-2012-127)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13846.NASL
    description This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62378
    published 2012-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62378
    title Fedora 17 : ghostscript-9.05-4.fc17 (2012-13846)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-089.NASL
    description A security issue was identified and fixed in icclib : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66101
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66101
    title Mandriva Linux Security Advisory : icclib (MDVSA-2013:089)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-669.NASL
    description The following security issue was fixed in ghostscript : Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74771
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74771
    title openSUSE Security Update : ghostscript-library (openSUSE-SU-2012:1290-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GHOSTSCRIPT-FONTS-OTHER-8290.NASL
    description This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-09-20
    plugin id 62210
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62210
    title SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8290)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120911_GHOSTSCRIPT_ON_SL5_X.NASL
    description Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 62057
    published 2012-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62057
    title Scientific Linux Security Update : ghostscript on SL5.x, SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1581-1.NASL
    description Marc Schonefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62290
    published 2012-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62290
    title Ubuntu 8.04 LTS / 10.04 LTS : ghostscript vulnerability (USN-1581-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GHOSTSCRIPT-DEVEL-120912.NASL
    description This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64146
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64146
    title SuSE 11.2 Security Update : ghostscript (SAT Patch Number 6813)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-090.NASL
    description A security issue was identified and fixed in argyllcms : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66102
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66102
    title Mandriva Linux Security Advisory : argyllcms (MDVSA-2013:090)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-1256.NASL
    description From Red Hat Security Advisory 2012:1256 : Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schonefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68616
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68616
    title Oracle Linux 5 / 6 : ghostscript (ELSA-2012-1256)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2595.NASL
    description Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 63358
    published 2012-12-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63358
    title Debian DSA-2595-1 : ghostscript - integer overflow
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-151.NASL
    description A security issue was identified and fixed in ghostscript : An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 62445
    published 2012-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62445
    title Mandriva Linux Security Advisory : ghostscript (MDVSA-2012:151-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-13839.NASL
    description This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 62377
    published 2012-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62377
    title Fedora 16 : ghostscript-9.05-2.fc16 (2012-13839)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-1256.NASL
    description Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schonefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62048
    published 2012-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62048
    title CentOS 5 / 6 : ghostscript (CESA-2012:1256)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1256.NASL
    description Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405) Red Hat would like to thank Marc Schonefeld for reporting this issue. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62056
    published 2012-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62056
    title RHEL 5 / 6 : ghostscript (RHSA-2012:1256)
redhat via4
advisories
bugzilla
id 854227
title CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment ghostscript is earlier than 0:8.70-14.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121256002
        • comment ghostscript is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080155015
      • AND
        • comment ghostscript-devel is earlier than 0:8.70-14.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121256004
        • comment ghostscript-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080155017
      • AND
        • comment ghostscript-gtk is earlier than 0:8.70-14.el5_8.1
          oval oval:com.redhat.rhsa:tst:20121256006
        • comment ghostscript-gtk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080155019
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment ghostscript is earlier than 0:8.70-14.el6_3.1
          oval oval:com.redhat.rhsa:tst:20121256012
        • comment ghostscript is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095013
      • AND
        • comment ghostscript-devel is earlier than 0:8.70-14.el6_3.1
          oval oval:com.redhat.rhsa:tst:20121256016
        • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095017
      • AND
        • comment ghostscript-doc is earlier than 0:8.70-14.el6_3.1
          oval oval:com.redhat.rhsa:tst:20121256014
        • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095019
      • AND
        • comment ghostscript-gtk is earlier than 0:8.70-14.el6_3.1
          oval oval:com.redhat.rhsa:tst:20121256018
        • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120095015
rhsa
id RHSA-2012:1256
released 2012-09-11
severity Moderate
title RHSA-2012:1256: ghostscript security update (Moderate)
rpms
  • ghostscript-0:8.70-14.el5_8.1
  • ghostscript-devel-0:8.70-14.el5_8.1
  • ghostscript-gtk-0:8.70-14.el5_8.1
  • ghostscript-0:8.70-14.el6_3.1
  • ghostscript-devel-0:8.70-14.el6_3.1
  • ghostscript-doc-0:8.70-14.el6_3.1
  • ghostscript-gtk-0:8.70-14.el6_3.1
refmap via4
bid 55494
confirm https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301
gentoo GLSA-201412-17
mandriva
  • MDVSA-2012:151
  • MDVSA-2013:089
  • MDVSA-2013:090
mlist [oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
sectrack 1027517
secunia 50719
suse
  • SUSE-SU-2012:1222
  • openSUSE-SU-2012:1289
  • openSUSE-SU-2012:1290
ubuntu USN-1581-1
xf icclib-pdf-bo(78411)
Last major update 12-01-2015 - 02:06
Published 18-09-2012 - 13:55
Last modified 28-08-2017 - 21:32