Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Argyllcms
  • Argyllcms
Ghostscript
  • Ghostscript

Configuration 1 [-]

OR cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*
References
Link Resource
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34266 Vendor Advisory
http://secunia.com/advisories/34373 Vendor Advisory
http://secunia.com/advisories/34381 Vendor Advisory
http://secunia.com/advisories/34393 Vendor Advisory
http://secunia.com/advisories/34398 Vendor Advisory
http://secunia.com/advisories/34418 Vendor Advisory
http://secunia.com/advisories/34437 Vendor Advisory
http://secunia.com/advisories/34443 Vendor Advisory
http://secunia.com/advisories/34469 Vendor Advisory
http://secunia.com/advisories/34729
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://securitytracker.com/id?1021868
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 Vendor Advisory
http://www.auscert.org.au/render.html?it=10666 US Government Resource
http://www.debian.org/security/2009/dsa-1746 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://www.redhat.com/support/errata/RHSA-2009-0345.html Vendor Advisory
http://www.securityfocus.com/archive/1/501994/100/0/threaded
http://www.securityfocus.com/bid/34184
http://www.ubuntu.com/usn/USN-743-1
http://www.vupen.com/english/advisories/2009/0776 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0777 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0816 Vendor Advisory
http://www.vupen.com/english/advisories/2009/1708
https://bugzilla.redhat.com/show_bug.cgi?id=487742 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
https://issues.rpath.com/browse/RPL-2991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
https://usn.ubuntu.com/757-1/
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2009-03-23T19:26:00

Updated: 2018-10-10T18:57:01

Reserved: 2009-02-13T00:00:00

Link: CVE-2009-0583

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-03-23T20:00:00.343

Modified: 2023-02-13T01:17:08.410

Link: CVE-2009-0583

JSON object: View

cve-icon Redhat Information

No data.

CWE