Security Information / 2012 / Security Information -- DSA-2595-1 ghostscript

Debian Security Advisory

DSA-2595-1 ghostscript -- integer overflow

Date Reported:

30 Dec 2012

Affected Packages:

ghostscript

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-4405.

More information:

Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.

For the stable distribution (squeeze), this problem has been fixed in version 8.71~dfsg2-9+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 9.05~dfsg-6.1.

For the unstable distribution (sid), this problem has been fixed in version 9.05~dfsg-6.1.

We recommend that you upgrade your ghostscript packages.