Skip to main content

Cms CVE-2012-4405

MEDIUM
Numeric Errors (CWE-189)
2012-09-18 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 18, 2012 - 17:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

AnalysisAI

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-189. Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. Affected products include: Argyllcms Cms, Color Icclib, Ghostscript.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Cms

View all
CVE-2020-7357 CRITICAL POC
9.9 Aug 06

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. Rated c

CVE-2021-47753 CRITICAL POC
9.8 Jan 15

phpKF CMS 3.00 Beta allows unauthenticated PHP file upload by disguising it as a PNG, then renaming it for execution. Po

CVE-2019-9874 CRITICAL POC
9.8 May 31

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 an

CVE-2019-9875 HIGH POC
8.8 May 31

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to ex

CVE-2012-5894 HIGH POC
7.5 Nov 17

SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitr

CVE-2012-5893 MEDIUM POC
6.8 Nov 17

Unrestricted file upload vulnerability in hava_upload.php in Havalite CMS 1.1.0 and earlier allows remote attackers to e

CVE-2015-2083 MEDIUM POC
6.8 Feb 25

Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of admi

CVE-2012-5919 MEDIUM POC
4.3 Nov 19

Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbit

CVE-2025-5429 MEDIUM POC
6.3 Jun 02

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

CVE-2025-5428 MEDIUM POC
6.3 Jun 02

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

CVE-2025-5427 MEDIUM POC
6.3 Jun 02

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

CVE-2025-5426 MEDIUM POC
6.3 Jun 02

A security vulnerability in juzaweb CMS (CVSS 6.3). Risk factors: public PoC available.

Share

CVE-2012-4405 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy