CVE-2012-4405

EPSS 23.8%

ghostscript - buffer overflow

Published: 9/18/2012Modified: 4/28/2026

Also known as:DEBIAN-CVE-2012-4405

Description

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

Affected packages (3)

Debian/argyllfrom 0, < 1.4.0-7
Debian/ghostscriptfrom 0, < 9.05~dfsg-6.1
Debian/ghostscriptfrom 0, < 8.71~dfsg2-9+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-4405