ArgyllCMS: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory
||GLSA 201206-04 / argyllcms
||June 18, 2012
||June 18, 2012: 1
All supported architectures
A vulnerability has been found in ArgyllCMS which could allow
attackers to execute arbitrary code.
ArgyllCMS is an ICC compatible color management system that supports
accurate ICC profile creation for scanners, cameras and film recorders.
ArgyllCMS does not properly handle ICC profiles causing a use-after-free
A remote attacker could entice a user to open a specially crafted image
file using ArgyllCMS, possibly resulting in execution of arbitrary code
with the privileges of the process, or a Denial of Service condition.
There is no known workaround at this time.
All argyllcms users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0"