Package: ghostscript
Severity: grave
Tags: security patch

Hi,
the following vulnerability was published for ghostscript.
Quoting from the original report, as the mitre entry does not exist so far.

CVE-2012-4405[0]:
| An array index error leading to heap-based buffer out-of-buffer bounds write
| flaw was found in the way International Color Consortium (ICC) Format library
| (aka icclib) as used in Ghostscript and Argyll Color Management System computed
| dimensional increment through the clut based on the count of input channels.
| Using specially-crafted ICC profiles, an attacker could create a malicious
| PostScript or PDF file with embedded images which would cause Ghostscript to
| crash or, potentially, execute arbitrary code when opened by the victim.
| Similarly when such specially-crafted ICC profile was inspected by some of the
| Argyll Color Management System tools it could lead to particular executable
| crash or, arbitrary code execution with the privileges of the user running the

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4405
    http://security-tracker.debian.org/tracker/CVE-2012-4405

Patch: https://bugzilla.redhat.com/attachment.cgi?id=609986

--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA