Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

The remote host is affected by the vulnerability described in GLSA-201412-17 (GPL Ghostscript: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in GPL Ghostscript. Please       review the CVE identifiers referenced below for details.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted PostScript file or PDF using GPL Ghostscript, possibly resulting       in execution of arbitrary code with the privileges of the process or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The following security issue was fixed in ghostscript :

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE:
this issue is also described as an array index error.

The remote host is affected by the vulnerability described in GLSA-201402-29 (ArgyllCMS: User-assisted execution of arbitrary code)

    Multiple integer overflow vulnerabilities have been discovered in the       ICC Format Library in ArgyllCMS.
  Impact :

    A remote attacker could entice a user to open a specially crafted image       file using ArgyllCMS, possibly resulting in execution of arbitrary code       with the privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)

From Red Hat Security Advisory 2012:1256 :

Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)

Red Hat would like to thank Marc Schonefeld for reporting this issue.

Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

A security issue was identified and fixed in argyllcms :

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405).

The updated packages have been patched to correct this issue.

A security issue was identified and fixed in icclib :

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405).

The updated packages have been patched to correct this issue.

This update fixes an array index error leading to a heap-based buffer overflow in ghostscript-library. CVE-2012-4405 has been assigned to this issue.

Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

A security issue was identified and fixed in ghostscript :

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript (CVE-2012-4405).

The updated packages have been patched to correct this issue.

This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Marc Schonefeld discovered that Ghostscript did not correctly handle certain image files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)

Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1256 advisory.

  - ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write (CVE-2012-4405)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript. (CVE-2012-4405)

Red Hat would like to thank Marc Schonefeld for reporting this issue.

Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

ID	Name	Product	Family	Severity
79970	GLSA-201412-17 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
74771	openSUSE Security Update : ghostscript-library (openSUSE-SU-2012:1290-1)	Nessus	SuSE Local Security Checks	medium
74770	openSUSE Security Update : ghostscript (openSUSE-SU-2012:1289-1)	Nessus	SuSE Local Security Checks	medium
72756	GLSA-201402-29 : ArgyllCMS: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	medium
69617	Amazon Linux AMI : ghostscript (ALAS-2012-127)	Nessus	Amazon Linux Local Security Checks	medium
68616	Oracle Linux 5 / 6 : ghostscript (ELSA-2012-1256)	Nessus	Oracle Linux Local Security Checks	medium
66102	Mandriva Linux Security Advisory : argyllcms (MDVSA-2013:090)	Nessus	Mandriva Local Security Checks	medium
66101	Mandriva Linux Security Advisory : icclib (MDVSA-2013:089)	Nessus	Mandriva Local Security Checks	medium
64146	SuSE 11.2 Security Update : ghostscript (SAT Patch Number 6813)	Nessus	SuSE Local Security Checks	medium
63358	Debian DSA-2595-1 : ghostscript - integer overflow	Nessus	Debian Local Security Checks	medium
62445	Mandriva Linux Security Advisory : ghostscript (MDVSA-2012:151-1)	Nessus	Mandriva Local Security Checks	medium
62378	Fedora 17 : ghostscript-9.05-4.fc17 (2012-13846)	Nessus	Fedora Local Security Checks	medium
62377	Fedora 16 : ghostscript-9.05-2.fc16 (2012-13839)	Nessus	Fedora Local Security Checks	medium
62290	Ubuntu 8.04 LTS / 10.04 LTS : ghostscript vulnerability (USN-1581-1)	Nessus	Ubuntu Local Security Checks	medium
62210	SuSE 10 Security Update : ghostscript (ZYPP Patch Number 8290)	Nessus	SuSE Local Security Checks	medium
62057	Scientific Linux Security Update : ghostscript on SL5.x, SL6.x i386/x86_64 (20120911)	Nessus	Scientific Linux Local Security Checks	medium
62056	RHEL 5 / 6 : ghostscript (RHSA-2012:1256)	Nessus	Red Hat Local Security Checks	high
62048	CentOS 5 / 6 : ghostscript (CESA-2012:1256)	Nessus	CentOS Local Security Checks	medium

Detections

Analytics

CVE-2012-4405

high

Tenable Plugins

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high

medium