Debian Security Advisory
DSA-2595-1 ghostscript -- integer overflow
- Date Reported: 30 Dec 2012
- Affected Packages: ghostscript
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2012-4405.
- More information:
Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code.
For the stable distribution (squeeze), this problem has been fixed in version 8.71~dfsg2-9+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 9.05~dfsg-6.1.
For the unstable distribution (sid), this problem has been fixed in version 9.05~dfsg-6.1.
We recommend that you upgrade your ghostscript packages.