Multiple integer underflows in the icmLut_allocate function in
International Color Consortium (ICC) Format library (icclib), as used
in Ghostscript 9.06 and Argyll Color Management System, allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted (1) PostScript or (2) PDF file with
embedded images, which triggers a heap-based buffer overflow. NOTE:
this issue is also described as an array index error.
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
This is an entry on the CVE
list, which standardizes names for security