----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
 * Vulnerability Research
 * Software Inspection Results
 * Secunia Research Highlights
 * Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
Argyll Color Management System icclib Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34373

VERIFY ADVISORY:
http://secunia.com/advisories/34373/

DESCRIPTION:
Some vulnerabilities have been reported in Argyll Color Management
System, which can potentially be exploited by malicious people to
compromise an application using the library.

The vulnerabilities are caused due to integer overflows and boundary
errors within the icclib ICC format library, which can potentially be
exploited to execute arbitrary code by e.g. tricking a user into
processing specially crafted ICC data in an application using the
library.

The vulnerabilities are reported in version 1.0.3. Other versions may
also be affected.

SOLUTION:
Do not process untrusted ICC data in an application using the
library.

PROVIDED AND/OR DISCOVERED BY:
Originally reported in Red Hat and rPath advisories for Ghostscript.

ORIGINAL ADVISORY:
RHSA-2009-0345:
https://rhn.redhat.com/errata/RHSA-2009-0345.html

rPSA-2009-0050:
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------