CVE-2012-4405 - Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC)

CVE-2012-4405

Summary

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

References

Vulnerable Configurations

cpe:2.3:a:ghostscript:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:9.06:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:cms:-:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:cms:-:*:*:*:*:*:*:*
cpe:2.3:a:color:icclib:-:*:*:*:*:*:*:*
cpe:2.3:a:color:icclib:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-02-2023 - 04:34)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	854227
title	CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment ghostscript is earlier than 0:8.70-14.el5_8.1
oval oval:com.redhat.rhsa:tst:20121256001
comment ghostscript is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080155009

AND

comment ghostscript-devel is earlier than 0:8.70-14.el5_8.1
oval oval:com.redhat.rhsa:tst:20121256003
comment ghostscript-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080155011

AND

comment ghostscript-gtk is earlier than 0:8.70-14.el5_8.1
oval oval:com.redhat.rhsa:tst:20121256005
comment ghostscript-gtk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20080155013

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment ghostscript is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256008
comment ghostscript is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095009

AND

comment ghostscript-devel is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256010
comment ghostscript-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095011

AND

comment ghostscript-doc is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256012
comment ghostscript-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095013

AND

comment ghostscript-gtk is earlier than 0:8.70-14.el6_3.1
oval oval:com.redhat.rhsa:tst:20121256014
comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120095015

rhsa

id	RHSA-2012:1256
released	2012-09-11
severity	Moderate
title	RHSA-2012:1256: ghostscript security update (Moderate)

rpms

ghostscript-0:8.70-14.el5_8.1
ghostscript-0:8.70-14.el6_3.1
ghostscript-debuginfo-0:8.70-14.el5_8.1
ghostscript-debuginfo-0:8.70-14.el6_3.1
ghostscript-devel-0:8.70-14.el5_8.1
ghostscript-devel-0:8.70-14.el6_3.1
ghostscript-doc-0:8.70-14.el6_3.1
ghostscript-gtk-0:8.70-14.el5_8.1
ghostscript-gtk-0:8.70-14.el6_3.1

refmap via4

bid	55494
confirm	https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301
gentoo	GLSA-201412-17
mandriva	MDVSA-2012:151 MDVSA-2013:089 MDVSA-2013:090
mlist	[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
sectrack	1027517
secunia	50719
suse	SUSE-SU-2012:1222 openSUSE-SU-2012:1289 openSUSE-SU-2012:1290
ubuntu	USN-1581-1
xf	icclib-pdf-bo(78411)

Last major update

13-02-2023 - 04:34

Published

18-09-2012 - 17:55

Last modified

13-02-2023 - 04:34