ID OPENVAS:864222 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2017-12-27T00:00:00
Description
Checks the installed version of argyllcms.
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for argyllcms FEDORA-2012-6529
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
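# Authenticated local check for Fedora 16. It reports the host when the
# library call below flags the installed argyllcms RPM against the build
# named in advisory FEDORA-2012-6529 (CVE-2012-1616).
#
# Reading a finding from this check:
#  - It is a package-version comparison only (qod_type "package"); nothing
#    here opens an ICC profile or exercises the affected code.
#  - "2012-6529" is the Fedora advisory number, not a CVE id. The only CVE
#    registered by this script is CVE-2012-1616.
#  - The 9.3 base score is a CVSS v2 value with AC:M. The flaw is reached
#    through a crafted ICC profile file, so the practical exposure is a host
#    where such files from untrusted sources get processed.
include("revisions-lib.inc");

# The insight previously held only the RPM package blurb, so a report never
# said what was wrong. The vulnerability statement now comes first and the
# package description is kept after it.
tag_insight = "Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS
before 1.4, allows remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted ICC profile file (CVE-2012-1616).

Package description:
The Argyll color management system supports accurate ICC profile creation for
acquisition devices, CMYK printers, film recorders and calibration and profiling
of displays.
Spectral sample data is supported, allowing a selection of illuminants observer
types, and paper fluorescent whitener additive compensation. Profiles can also
incorporate source specific gamut mappings for perceptual and saturation
intents. Gamut mapping and profile linking uses the CIECAM02 appearance model,
a unique gamut mapping algorithm, and a wide selection of rendering intents. It
also includes code for the fastest portable 8 bit raster color conversion
engine available anywhere, as well as support for fast, fully accurate 16 bit
conversion. Device color gamuts can also be viewed and compared using a VRML
viewer.";
tag_affected = "argyllcms on Fedora 16";
tag_solution = "Please Install the Updated Packages.";

# Description mode: register the plugin metadata and stop. None of the
# detection code below runs in this mode.
if(description)
{
  script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html");
  script_id(864222);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_version("$Revision: 8249 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-05-08 12:35:10 +0530 (Tue, 08 May 2012)");
  script_cve_id("CVE-2012-1616");
  script_xref(name: "FEDORA", value: "2012-6529");
  script_name("Fedora Update for argyllcms FEDORA-2012-6529");
  # The summary states the finding (a missing update) instead of the former
  # "Check for the Version of argyllcms", which described the mechanism only.
  script_tag(name: "summary" , value: "The remote host is missing an update for the 'argyllcms' package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");
  # Relies on gather-package-list.nasl and on both KB keys being present.
  # Presumably those keys exist only after a successful SSH login that
  # collected the RPM list - confirm against gather-package-list.nasl.
  # Without them no result of any kind is produced for the host.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("pkg-lib-rpm.inc");

# Release string stored in the knowledge base for this host.
release = get_kb_item("ssh/login/release");
res = "";

# No release recorded: exit without a verdict.
if(release == NULL){
  exit(0);
}

# Only Fedora 16 is evaluated. Any other release falls through to the end of
# the script without a result.
if(release == "FC16")
{
  # isrpmvuln() comes from pkg-lib-rpm.inc. A non-NULL return value is used
  # directly as the report text.
  # NOTE(review): presumably it is non-NULL when the installed argyllcms is
  # older than argyllcms-1.4.0-1.fc16 - confirm against the library.
  if ((res = isrpmvuln(pkg:"argyllcms", rpm:"argyllcms~1.4.0~1.fc16", rls:"FC16")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # NOTE(review): __pkg_match is not assigned in this script; presumably the
  # library sets it when the package was found in the RPM list - confirm.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}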
{"id": "OPENVAS:864222", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for argyllcms FEDORA-2012-6529", "description": "Check for the Version of argyllcms", "published": "2012-05-08T00:00:00", "modified": "2017-12-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=864222", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012-6529", "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html"], "cvelist": ["CVE-2012-1616"], "lastseen": "2018-01-02T10:57:03", "viewCount": 0, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2018-01-02T10:57:03", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6529", "CVE-2012-1616"]}, {"type": "gentoo", "idList": ["GLSA-201206-04"]}, {"type": "openvas", "idList": ["OPENVAS:71571", "OPENVAS:1361412562310864222", "OPENVAS:136141256231071571"]}, {"type": "nessus", "idList": ["FEDORA_2012-6529.NASL", "GENTOO_GLSA-201206-04.NASL"]}], "modified": "2018-01-02T10:57:03", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "864222", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for argyllcms FEDORA-2012-6529\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Argyll color management system supports accurate ICC profile creation for\n acquisition devices, CMYK printers, film recorders and calibration and profiling\n of displays.\n\n Spectral sample data is supported, allowing a selection of illuminants observer\n types, and paper fluorescent whitener additive compensation. Profiles can also\n incorporate source specific gamut mappings for perceptual and saturation\n intents. Gamut mapping and profile linking uses the CIECAM02 appearance model,\n a unique gamut mapping algorithm, and a wide selection of rendering intents. It\n also includes code for the fastest portable 8 bit raster color conversion\n engine available anywhere, as well as support for fast, fully accurate 16 bit\n conversion. 
Device color gamuts can also be viewed and compared using a VRML\n viewer.\";\n\ntag_affected = \"argyllcms on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html\");\n script_id(864222);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:35:10 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1616\");\n script_xref(name: \"FEDORA\", value: \"2012-6529\");\n script_name(\"Fedora Update for argyllcms FEDORA-2012-6529\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of argyllcms\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"argyllcms\", rpm:\"argyllcms~1.4.0~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:47:18", "description": "Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.", "edition": 5, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2012-1616", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1616"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:color:icclib:1.23", "cpe:/a:color:icclib:2.11", "cpe:/a:argyllcms:argyllcms:1.0.2", "cpe:/a:argyllcms:argyllcms:0.2.0", "cpe:/a:argyllcms:argyllcms:1.3.0", "cpe:/a:argyllcms:argyllcms:1.3.4", "cpe:/a:argyllcms:argyllcms:1.3.7", "cpe:/a:argyllcms:argyllcms:1.3.1", "cpe:/a:argyllcms:argyllcms:1.1.0", "cpe:/a:argyllcms:argyllcms:0.3.0", "cpe:/a:argyllcms:argyllcms:0.2.1", "cpe:/a:argyllcms:argyllcms:0.7.0", "cpe:/a:argyllcms:argyllcms:1.1.1", "cpe:/a:color:icclib:2.00", "cpe:/a:argyllcms:argyllcms:1.0.0", "cpe:/a:argyllcms:argyllcms:1.3.3", "cpe:/a:color:icclib:2.02", "cpe:/a:color:icclib:2.03", "cpe:/a:argyllcms:argyllcms:1.3.2", "cpe:/a:argyllcms:argyllcms:1.3.5", "cpe:/a:argyllcms:argyllcms:0.2.2", "cpe:/a:argyllcms:argyllcms:1.2.0", "cpe:/a:argyllcms:argyllcms:1.0.4", "cpe:/a:argyllcms:argyllcms:0.1.0", "cpe:/a:argyllcms:argyllcms:1.0.3", "cpe:/a:argyllcms:argyllcms:1.3.6", "cpe:/a:argyllcms:argyllcms:0.6.0"], "id": "CVE-2012-1616", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1616", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:color:icclib:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:color:icclib:1.23:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:color:icclib:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:color:icclib:2.11:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:color:icclib:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1616"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-04.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:71571", "href": "http://plugins.openvas.org/nasl.php?oid=71571", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-04 (argyllcms)", "sourceData": "#\n# OpenVAS 
Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found in ArgyllCMS which could allow\nattackers to execute arbitrary code.\";\ntag_solution = \"All argyllcms users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/argyllcms-1.4.0'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=416781\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201206-04.\";\n\n \n \nif(description)\n{\n script_id(71571);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1616\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", 
value:\"2012-08-10 03:22:55 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-04 (argyllcms)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-gfx/argyllcms\", unaffected: make_list(\"ge 1.4.0\"), vulnerable: make_list(\"lt 1.4.0\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1616"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-05-08T00:00:00", "id": "OPENVAS:1361412562310864222", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864222", "type": "openvas", "title": "Fedora Update for argyllcms FEDORA-2012-6529", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for argyllcms FEDORA-2012-6529\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864222\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:35:10 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1616\");\n script_xref(name:\"FEDORA\", value:\"2012-6529\");\n script_name(\"Fedora Update for argyllcms FEDORA-2012-6529\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'argyllcms'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"argyllcms on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"argyllcms\", rpm:\"argyllcms~1.4.0~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1616"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-04.", "modified": "2018-10-12T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071571", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071571", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-04 (argyllcms)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_04.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71571\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1616\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:55 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-04 (argyllcms)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A vulnerability has been found in ArgyllCMS which could allow\nattackers to execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"All argyllcms users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/argyllcms-1.4.0'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=416781\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-gfx/argyllcms\", unaffected: make_list(\"ge 1.4.0\"), vulnerable: make_list(\"lt 1.4.0\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1616"], "description": "### Background\n\nArgyllCMS is an ICC compatible color management system that supports accurate ICC profile creation for scanners, cameras and film recorders. \n\n### Description\n\nArgyllCMS does not properly handle ICC profiles causing a use-after-free vulnerability. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted image file using ArgyllCMS, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll argyllcms users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/argyllcms-1.4.0\"", "edition": 1, "modified": "2012-06-18T00:00:00", "published": "2012-06-18T00:00:00", "id": "GLSA-201206-04", "href": "https://security.gentoo.org/glsa/201206-04", "type": "gentoo", "title": "ArgyllCMS: User-assisted execution of arbitrary code", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:54:14", "description": "The remote host is affected by the vulnerability described in GLSA-201206-04\n(ArgyllCMS: User-assisted execution of arbitrary code)\n\n ArgyllCMS does not properly handle ICC profiles causing a use-after-free\n vulnerability.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted image\n file using ArgyllCMS, possibly resulting in execution of arbitrary code\n with the privileges of the process, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-21T00:00:00", "title": "GLSA-201206-04 : ArgyllCMS: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1616"], "modified": "2012-06-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:argyllcms", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201206-04.NASL", "href": "https://www.tenable.com/plugins/nessus/59632", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59632);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1616\");\n script_bugtraq_id(53240);\n script_xref(name:\"GLSA\", value:\"201206-04\");\n\n script_name(english:\"GLSA-201206-04 : ArgyllCMS: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-04\n(ArgyllCMS: User-assisted execution of arbitrary code)\n\n ArgyllCMS does not properly handle ICC profiles causing a use-after-free\n vulnerability.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted image\n file using ArgyllCMS, possibly resulting in execution of arbitrary code\n with the privileges of the process, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All argyllcms users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/argyllcms-1.4.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:argyllcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/argyllcms\", unaffected:make_list(\"ge 1.4.0\"), vulnerable:make_list(\"lt 1.4.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ArgyllCMS\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:35", "description": " - Update to latest upstream release\n\n - A colorimeter can now be used as a reference to make\n ccmx files\n\n - Added dither/screening support for 8 bit output of\n render\n\n - Added JPEG file support to cctiff, tiffgamut and\n extracticc\n\n - Fixed double free in icc/icc.c for profiles that have\n duplicate tags\n\n - Fix bugs in ColorMunki Transmissive 
measurement mode\n calibration.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-05-07T00:00:00", "title": "Fedora 16 : argyllcms-1.4.0-1.fc16 (2012-6529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1616"], "modified": "2012-05-07T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:argyllcms", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-6529.NASL", "href": "https://www.tenable.com/plugins/nessus/58998", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-6529.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58998);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-1616\");\n script_bugtraq_id(53240);\n script_xref(name:\"FEDORA\", value:\"2012-6529\");\n\n script_name(english:\"Fedora 16 : argyllcms-1.4.0-1.fc16 (2012-6529)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to latest upstream release\n\n - A colorimeter can now be used as a reference to make\n ccmx files\n\n - Added dither/screening support for 8 bit output of\n render\n\n - Added JPEG file support to cctiff, tiffgamut and\n extracticc\n\n - Fixed double free in icc/icc.c for profiles that have\n duplicate tags\n\n - Fix bugs in ColorMunki Transmissive measurement mode\n calibration.\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=809697\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4591487a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected argyllcms package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:argyllcms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"argyllcms-1.4.0-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"argyllcms\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1616"], "description": "The Argyll color management system supports accurate ICC profile creation f or acquisition devices, CMYK printers, film recorders and calibration and prof iling of displays. Spectral sample data is supported, allowing a selection of illuminants obse rver types, and paper fluorescent whitener additive compensation. Profiles can a lso incorporate source specific gamut mappings for perceptual and saturation intents. Gamut mapping and profile linking uses the CIECAM02 appearance mod el, a unique gamut mapping algorithm, and a wide selection of rendering intents . It also includes code for the fastest portable 8 bit raster color conversion engine available anywhere, as well as support for fast, fully accurate 16 b it conversion. Device color gamuts can also be viewed and compared using a VRML viewer. 
", "modified": "2012-05-04T20:30:32", "published": "2012-05-04T20:30:32", "id": "FEDORA:A6628208BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: argyllcms-1.4.0-1.fc16", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}