The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of icclib, Ghostscript: integer overflows via ICC

Synthesis of the vulnerability 

An attacker can invite the victim to open a malicious PDF or PS file with Ghostscript, in order to execute code with the victim's privileges.
Vulnerable software: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity of this announcement: 3/4.
Creation date: 12/09/2012.
References for this computer vulnerability: 854227, BID-55494, CVE-2012-4405, DSA-2595-1, FEDORA-2012-13839, FEDORA-2012-13846, MDVSA-2012:151, MDVSA-2012:151-1, MDVSA-2013:089, MDVSA-2013:090, openSUSE-SU-2012:1289-1, openSUSE-SU-2012:1290-1, RHSA-2012:1256-01, SUSE-SU-2012:1222-1, VIGILANCE-VUL-11935.

Description of the vulnerability 

The ICC (International Color Consortium) profile defines color variations needed by each device in order to display identical colors. Some image types, such as JPEG or PNG, can contain ICC profiles and can be included in a PDF or PostScript document.

The icclib/icc.c file of Ghostscript implements ICC.

The icmLut_read() function of the icclib/icc.c file reads a LUT (look-up table) from the ICC profile. The inputChan field, which contains the associated channel, is then used as an array index. However, if this index is negative, array data are written at an invalid memory address.

An attacker can therefore invite the victim to open a malicious PDF or PS file with Ghostscript, in order to execute code with the victim's privileges.
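The kind of check that prevents this class of bug, as an added example (not icclib's code or its patch): the counts in an ICC lut8Type tag header are validated before they are used as an index or a size. It goes beyond the index case described above and also rejects table-size multiplications that wrap. `lut8_check`, `check_sample` and the `MAX_CHAN` limit are assumptions made for this example; the sample tag is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_CHAN 15  /* assumed per-LUT channel limit for this example */
enum lut_status { LUT_OK, LUT_TRUNCATED, LUT_BAD_SIG, LUT_BAD_COUNT, LUT_TOO_BIG };

/* Validate an ICC lut8Type ('mft1') tag before any field is used as an index
 * or size. Layout: sig[4] reserved[4] inChan outChan gridPoints pad matrix[36],
 * then input tables, CLUT, output tables (one byte per entry). */
enum lut_status lut8_check(const uint8_t *tag, size_t len, size_t *clut_entries)
{
    if (len < 48) return LUT_TRUNCATED;
    if (memcmp(tag, "mft1", 4) != 0) return LUT_BAD_SIG;
    unsigned in = tag[8], out = tag[9], grid = tag[10];
    /* A zero count turns (count - 1) into a negative signed index. */
    if (in < 1 || in > MAX_CHAN || out < 1 || out > MAX_CHAN || grid < 1)
        return LUT_BAD_COUNT;
    /* CLUT entries = grid^in * out, rejecting any multiplication that wraps. */
    size_t n = out;
    for (unsigned i = 0; i < in; i++) {
        if (n > SIZE_MAX / grid) return LUT_TOO_BIG;
        n *= grid;
    }
    /* Every declared table must lie inside the tag data actually present. */
    size_t fixed = 48 + 256u * in + 256u * out;
    if (len < fixed || n > len - fixed) return LUT_TRUNCATED;
    *clut_entries = n;
    return LUT_OK;
}

/* Constructed sample: a zero-filled lut8 tag carrying the given header counts. */
enum lut_status check_sample(unsigned in, unsigned out, unsigned grid, size_t len)
{
    static uint8_t tag[4096];
    size_t entries = 0;
    if (len > sizeof tag) len = sizeof tag;
    memcpy(tag, "mft1", 4);
    tag[8] = (uint8_t)in; tag[9] = (uint8_t)out; tag[10] = (uint8_t)grid;
    return lut8_check(tag, len, &entries);
}

int main(void)
{
    printf("%d %d %d\n", check_sample(3, 3, 2, 1608), check_sample(0, 3, 2, 1608),
           check_sample(15, 1, 255, 4096));
    return 0;
}
```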

This weakness bulletin impacts software or systems such as Debian, Fedora, Mandriva Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer weakness is important.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

icclib, Ghostscript: patch for ICC.
A patch is available in information sources.

Debian: new ghostscript packages.
New packages are available:
  ghostscript 8.71~dfsg2-9+squeeze1

Fedora: new ghostscript packages.
New packages are available:
  ghostscript-9.05-2.fc16
  ghostscript-9.05-4.fc17

Mandriva: new argyllcms packages.
New packages are available:
  argyllcms-1.4.0-2.1.mbs1

Mandriva: new ghostscript packages.
New packages are available:
  ghostscript-9.02-1.1-mdv2011.0
  ghostscript-8.63-62.6mdvmes5.2

Mandriva: new icclib packages.
New packages are available:
  icclib-2.13-2.1.mbs1

RHEL: new ghostscript packages.
New packages are available:
  ghostscript-8.70-14.el5_8.1
  ghostscript-8.70-14.el6_3.1

SUSE: new ghostscript packages.
New packages are available:
  openSUSE 11.4 : ghostscript-9.00-4.48.1
  openSUSE 12.1 : ghostscript-9.00-13.4.1
  SUSE LE 10 : ghostscript-8.15.4-16.28.1
  SUSE LE 11 : ghostscript-8.62-32.34.1
