CVE-2012-4405
ghostscript - buffer overflow
EPSS 23.8%
Description
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
How to fix CVE-2012-4405
To fix CVE-2012-4405, upgrade the affected packages to the patched versions listed below.
- Debian/argyll — upgrade to 1.4.0-7 or later
- — upgrade to 9.05~dfsg-6.1 or later
- — upgrade to 8.71~dfsg2-9+squeeze1 or later
Is CVE-2012-4405 being exploited?
Moderate: EPSS is 23.8%; worth continued tracking, but not the highest priority.
Affected packages (3)
- from 0, < 1.4.0-7
- from 0, < 9.05~dfsg-6.1
- from 0, < 8.71~dfsg2-9+squeeze1