CVE-2012-4405

Published Sep 18, 2012

Last updated a year ago

Overview

Description: Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-189

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:argyllcms:cms:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56ABA324-0E9B-4A36-81E8-DC30AEE06A63"
          },
          {
            "criteria": "cpe:2.3:a:color:icclib:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45A77810-0D13-4CF3-A1FE-2F31913DCA40"
          },
          {
            "criteria": "cpe:2.3:a:ghostscript:ghostscript:9.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D34E7940-94CB-492F-92DD-78786EB59570"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References