Debian Security Advisory

DSA-2595-1 ghostscript -- integer overflow

Date Reported:
30 Dec 2012
Affected Packages:
ghostscript
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2012-4405.
More information:

Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 8.71~dfsg2-9+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 9.05~dfsg-6.1.

For the unstable distribution (sid), this problem has been fixed in version 9.05~dfsg-6.1.

We recommend that you upgrade your ghostscript packages.