Joined: 12 May 2004
|Posted: Mon Jun 18, 2012 11:26 pm Post subject: [ GLSA 201206-04 ] ArgyllCMS: User-assisted execution of arb
|Gentoo Linux Security Advisory
Title: ArgyllCMS: User-assisted execution of arbitrary code (GLSA 201206-04)
Date: June 18, 2012
A vulnerability has been found in ArgyllCMS which could allow
attackers to execute arbitrary code.
ArgyllCMS is an ICC compatible color management system that supports
accurate ICC profile creation for scanners, cameras and film recorders.
Vulnerable: < 1.4.0
Unaffected: >= 1.4.0
Architectures: All supported architectures
ArgyllCMS does not properly handle ICC profiles causing a use-after-free
A remote attacker could entice a user to open a specially crafted image
file using ArgyllCMS, possibly resulting in execution of arbitrary code
with the privileges of the process, or a Denial of Service condition.
There is no known workaround at this time.
All argyllcms users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0"
Last edited by GLSA on Sat Mar 22, 2014 4:31 am; edited 2 times in total