Summary
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 8.71~dfsg2-9+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 9.05~dfsg-6.1.
For the unstable distribution (sid), this problem has been fixed in version 9.05~dfsg-6.1.
We recommend that you upgrade your ghostscript packages.
Insight
Ghostscript is used for PostScript/PDF preview and printing. Usually as a back-end to a program such as ghostview, it can display PostScript and PDF documents in an X11 environment.
Affected
ghostscript on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4405 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities