1
PublicDateAtUSN: 2012-09-18
2
Candidate: CVE-2012-4405
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
6
https://rhn.redhat.com/errata/RHSA-2012-1256.html
7
https://usn.ubuntu.com/usn/usn-1581-1
9
Multiple integer underflows in the icmLut_allocate function in
10
International Color Consortium (ICC) Format library (icclib), as used in
11
Ghostscript 9.06 and Argyll Color Management System, allow remote attackers
12
to cause a denial of service (crash) and possibly execute arbitrary code
13
via a crafted (1) PostScript or (2) PDF file with embedded images, which
14
triggers a heap-based buffer overflow. NOTE: this issue is also described
15
as an array index error.
18
mdeslaur> icclib isn't built in oneiric.
20
https://bugzilla.redhat.com/show_bug.cgi?id=854227
21
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687274 (gs)
22
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687275 (argyll)
24
Discovered-by: Marc Schönefeld
28
redhat: https://bugzilla.redhat.com/attachment.cgi?id=609986
29
upstream_ghostscript: needs-triage
30
hardy_ghostscript: released (8.61.dfsg.1-1ubuntu3.5)
31
lucid_ghostscript: released (8.71.dfsg.1-0ubuntu5.5)
32
natty_ghostscript: not-affected (code not present)
33
oneiric_ghostscript: not-affected
34
precise_ghostscript: not-affected (code not present)
35
precise/esm_ghostscript: DNE (precise was not-affected [code not present])
36
quantal_ghostscript: not-affected (code not present)
37
raring_ghostscript: not-affected (code not present)
38
saucy_ghostscript: not-affected (code not present)
39
trusty_ghostscript: not-affected (code not present)
40
utopic_ghostscript: not-affected (code not present)
41
vivid_ghostscript: not-affected (code not present)
42
vivid/stable-phone-overlay_ghostscript: DNE
43
vivid/ubuntu-core_ghostscript: DNE
44
wily_ghostscript: not-affected (code not present)
45
xenial_ghostscript: not-affected (code not present)
46
yakkety_ghostscript: not-affected (code not present)
47
zesty_ghostscript: not-affected (code not present)
48
devel_ghostscript: not-affected (code not present)
50
upstream_gs-gpl: needs-triage
56
precise/esm_gs-gpl: DNE
63
vivid/stable-phone-overlay_gs-gpl: DNE
64
vivid/ubuntu-core_gs-gpl: DNE
71
upstream_gs-esp: needs-triage
77
precise/esm_gs-esp: DNE
84
vivid/stable-phone-overlay_gs-esp: DNE
85
vivid/ubuntu-core_gs-esp: DNE
92
upstream_gs-afpl: needs-triage
98
precise/esm_gs-afpl: DNE
105
vivid/stable-phone-overlay_gs-afpl: DNE
106
vivid/ubuntu-core_gs-afpl: DNE
114
upstream_argyll: released (1.4.0-7)
116
lucid_argyll: ignored (reached end-of-life)
117
natty_argyll: ignored (reached end-of-life)
118
oneiric_argyll: ignored (reached end-of-life)
119
precise_argyll: ignored (reached end-of-life)
120
precise/esm_argyll: DNE (precise was needs-triage)
121
quantal_argyll: not-affected (1.4.0-7ubuntu1)
122
raring_argyll: not-affected (1.4.0-7ubuntu1)
123
saucy_argyll: not-affected (1.4.0-7ubuntu1)
124
trusty_argyll: not-affected (1.4.0-7ubuntu1)
125
utopic_argyll: not-affected (1.4.0-7ubuntu1)
126
vivid_argyll: not-affected (1.4.0-7ubuntu1)
127
vivid/stable-phone-overlay_argyll: DNE
128
vivid/ubuntu-core_argyll: DNE
129
wily_argyll: not-affected (1.4.0-7ubuntu1)
130
xenial_argyll: not-affected (1.4.0-7ubuntu1)
131
yakkety_argyll: not-affected (1.4.0-7ubuntu1)
132
zesty_argyll: not-affected (1.4.0-7ubuntu1)
133
devel_argyll: not-affected (1.4.0-7ubuntu1)