Debian Security Bug TrackerDEBIANCVE:CVE-2012-4405CVE-2012-4405
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
92.2%
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | argyll | < 1.4.0-7 | argyll_1.4.0-7_all.deb |
| Debian | 11 | all | argyll | < 1.4.0-7 | argyll_1.4.0-7_all.deb |
| Debian | 999 | all | argyll | < 1.4.0-7 | argyll_1.4.0-7_all.deb |
| Debian | 13 | all | argyll | < 1.4.0-7 | argyll_1.4.0-7_all.deb |
| Debian | 12 | all | ghostscript | < 9.05~dfsg-6.1 | ghostscript_9.05~dfsg-6.1_all.deb |
| Debian | 11 | all | ghostscript | < 9.05~dfsg-6.1 | ghostscript_9.05~dfsg-6.1_all.deb |
| Debian | 999 | all | ghostscript | < 9.05~dfsg-6.1 | ghostscript_9.05~dfsg-6.1_all.deb |
| Debian | 13 | all | ghostscript | < 9.05~dfsg-6.1 | ghostscript_9.05~dfsg-6.1_all.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
92.2%