LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

ghostscript: code execution

Package(s):ghostscript CVE #(s):CVE-2012-4405
Created:September 12, 2012 Updated:April 10, 2013
Description: From the Red Hat advisory:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library (icclib). An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript.

Alerts:
Red Hat RHSA-2012:1256-01 2012-09-11
CentOS CESA-2012:1256 2012-09-11
CentOS CESA-2012:1256 2012-09-11
Scientific Linux SL-ghos-20120911 2012-09-11
Oracle ELSA-2012-1256 2012-09-11
Oracle ELSA-2012-1256 2012-09-11
Mandriva MDVSA-2012:151 2012-09-12
SUSE SUSE-SU-2012:1222-1 2012-09-19
Ubuntu USN-1581-1 2012-09-24
Fedora FEDORA-2012-13846 2012-09-28
Fedora FEDORA-2012-13839 2012-09-28
openSUSE openSUSE-SU-2012:1289-1 2012-10-04
openSUSE openSUSE-SU-2012:1290-1 2012-10-04
Mandriva MDVSA-2012:151-1 2012-10-05
Mageia MGASA-2012-0301 2012-10-20
Debian DSA-2595-1 2012-12-30
Mandriva MDVSA-2013:089 2013-04-09
Mandriva MDVSA-2013:090 2013-04-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds