CVE-2012-4405: Buffer Overflow
Multiple integer underflows in the icmLutallocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2012-4405?
CVE-2012-4405 is considered a high severity vulnerability due to its potential for denial of service and arbitrary code execution.
How do I fix CVE-2012-4405?
To fix CVE-2012-4405, update to a patched version of the affected software, including Ghostscript, Argyll Color Management System, or icclib.
What software is affected by CVE-2012-4405?
CVE-2012-4405 affects Ghostscript 9.06, the icclib library, and Argyll Color Management System.
Can CVE-2012-4405 be exploited remotely?
Yes, CVE-2012-4405 can be exploited remotely by attackers through crafted input.
What kind of vulnerabilities does CVE-2012-4405 contain?
CVE-2012-4405 contains multiple integer underflows that can lead to a denial of service and potential code execution.