GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Jun 18, 2012 11:26 pm Post subject: [ GLSA 201206-04 ] ArgyllCMS: User-assisted execution of arb |
 |
|
Gentoo Linux Security Advisory
Title: ArgyllCMS: User-assisted execution of arbitrary code (GLSA 201206-04)
Severity: normal
Exploitable: remote
Date: June 18, 2012
Bug(s): #416781
ID: 201206-04
Synopsis
A vulnerability has been found in ArgyllCMS which could allow
attackers to execute arbitrary code.
Background
ArgyllCMS is an ICC compatible color management system that supports
accurate ICC profile creation for scanners, cameras and film recorders.
Affected Packages
Package: media-gfx/argyllcms
Vulnerable: < 1.4.0
Unaffected: >= 1.4.0
Architectures: All supported architectures
Description
ArgyllCMS does not properly handle ICC profiles causing a use-after-free
vulnerability.
Impact
A remote attacker could entice a user to open a specially crafted image
file using ArgyllCMS, possibly resulting in execution of arbitrary code
with the privileges of the process, or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All argyllcms users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0"
|
References
CVE-2012-1616
Last edited by GLSA on Sat Mar 22, 2014 4:31 am; edited 2 times in total |
|
News & Announcements
