MidnightBSD

Advisories for argyllcms

CVE-2009-0583 HIGH

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ghostscript ghostscript *
ghostscript ghostscript 7.07
ghostscript ghostscript 8.63
argyllcms argyllcms 0.7.0
argyllcms argyllcms 0.2.0
argyllcms argyllcms 0.3.0
ghostscript ghostscript 8.15
ghostscript ghostscript 8.56
ghostscript ghostscript 8.62
argyllcms argyllcms 0.2.2
ghostscript ghostscript 8.0.1
argyllcms argyllcms 0.1.0
ghostscript ghostscript 8.15.2
ghostscript ghostscript 8.57
ghostscript ghostscript 8.61
argyllcms argyllcms 0.6.0
argyllcms argyllcms 1.0.0
argyllcms argyllcms 1.0.2
argyllcms argyllcms 0.2.1
ghostscript ghostscript 7.05
ghostscript ghostscript 5.50
ghostscript ghostscript 8.54
argyllcms argyllcms *
CVE-2009-0792 HIGH

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ghostscript ghostscript *
ghostscript ghostscript 7.07
ghostscript ghostscript 8.63
argyllcms argyllcms 0.7.0
argyllcms argyllcms 0.2.0
argyllcms argyllcms 0.3.0
ghostscript ghostscript 8.15
ghostscript ghostscript 8.56
ghostscript ghostscript 8.62
argyllcms argyllcms 0.2.2
ghostscript ghostscript 8.0.1
argyllcms argyllcms 0.1.0
ghostscript ghostscript 8.15.2
ghostscript ghostscript 8.57
ghostscript ghostscript 8.61
argyllcms argyllcms 0.6.0
argyllcms argyllcms 1.0.0
argyllcms argyllcms 1.0.2
argyllcms argyllcms 0.2.1
ghostscript ghostscript 7.05
ghostscript ghostscript 5.50
ghostscript ghostscript 8.54
argyllcms argyllcms *
CVE-2012-1616 HIGH

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
argyllcms argyllcms 1.3.1
argyllcms argyllcms 0.2.0
argyllcms argyllcms 0.1.0
argyllcms argyllcms 1.3.6
argyllcms argyllcms 0.6.0
argyllcms argyllcms 1.0.2
argyllcms argyllcms 0.2.1
color icclib 2.00
argyllcms argyllcms *
argyllcms argyllcms 1.3.0
argyllcms argyllcms 1.1.1
argyllcms argyllcms 0.7.0
argyllcms argyllcms 1.0.3
argyllcms argyllcms 0.3.0
argyllcms argyllcms 1.3.3
argyllcms argyllcms 1.2.0
argyllcms argyllcms 0.2.2
argyllcms argyllcms 1.1.0
argyllcms argyllcms 1.3.5
argyllcms argyllcms 1.3.2
color icclib 1.23
color icclib *
color icclib 2.03
argyllcms argyllcms 1.0.0
argyllcms argyllcms 1.3.4
color icclib 2.02
argyllcms argyllcms 1.0.4
CVE-2012-4405 MEDIUM

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
ghostscript ghostscript 9.06
color icclib -
argyllcms cms -