CVSS: 7.8EPSS: 35%CPEs: 3EXPL: 0CVE-2012-4405 – argyllcms: Array index error leading to heap-based bufer OOB write
https://notcve.org/view.php?id=CVE-2012-4405
11 Sep 2012 — Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. Múltiples desbordamientos inferiores de enteros en la f... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 9%CPEs: 14EXPL: 0CVE-2009-0584 – argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library
https://notcve.org/view.php?id=CVE-2009-0584
23 Mar 2009 — icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. icc.c, pertenec... • http://bugs.gentoo.org/show_bug.cgi?id=261087 • CWE-189: Numeric Errors •