A vulnerability has been found in ArgyllCMS which could allow attackers to execute arbitrary code.
|Package|media-gfx/argyllcms on all architectures|
|Affected versions|< 1.4.0|
|Unaffected versions|>= 1.4.0|
ArgyllCMS is an ICC-compatible color management system that supports accurate ICC profile creation for scanners, cameras and film recorders.
ArgyllCMS does not properly handle ICC profiles, causing a use-after-free vulnerability.
A remote attacker could entice a user to open a specially crafted image file using ArgyllCMS, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.
There is no known workaround at this time.
All argyllcms users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/argyllcms-1.4.0"
June 18, 2012
June 18, 2012: 1