Package: ghostscript
Severity: grave
Tags: security patch
Hi,
the following vulnerability was published for ghostscript.
Quoting from the original report, as the mitre entry does not exist so far..
CVE-2012-4405[0]:
| An array index error leading to heap-based buffer out-of-buffer bounds write
| flaw was found in the way International Color Consortium (ICC) Format library
| (aka icclib) as used in Ghostscript and Argyll Color Management System computed
| dimensional increment through the clut based on the count of input channels.
| Using specially-crafted ICC profiles, an attacker could create a malicious
| PostScript or PDF file with embedded images which would cause Ghostscript to
| crash or, potentially, execute arbitrary code when opened by the victim.
| Similarly when such specially-crafted ICC profile was inspected by some of the
| Argyll Color Management System tools it could lead to particular executable
| crash or, arbitrary code execution with the privileges of the user running the
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
http://security-tracker.debian.org/tracker/CVE-2012-4405
Patch: https://bugzilla.redhat.com/attachment.cgi?id=609986
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
Attachment:
pgpgzEHugLd4_.pgp
Description: PGP signature