Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 11 Sep 2012 15:25:50 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2012-4405 ghostscript, argyllcms: Array index error leading to
 heap-based bufer OOB write

Hi All,

An array index error leading to heap-based buffer out-of-buffer bounds
write flaw was found in the way International Color Consortium (ICC)
Format library (aka icclib) as used in Ghostscript and Argyll Color
Management System computed dimensional increment through the clut based
on the count of input channels.

This issue was reported by Marc Schönefeld

It seems that the upstream version of ghostscript no longer uses
embedded icclib so they are not affected.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=854227
Patch: https://bugzilla.redhat.com/attachment.cgi?id=609986


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ