CVE-2009-0583

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
Link Resource
http://secunia.com/advisories/34393 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=487742 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0345.html Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 Vendor Advisory
http://securitytracker.com/id?1021868
https://issues.rpath.com/browse/RPL-2991
http://www.vupen.com/english/advisories/2009/0776 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html Vendor Advisory
http://secunia.com/advisories/34373 Vendor Advisory
http://secunia.com/advisories/34398 Vendor Advisory
http://www.debian.org/security/2009/dsa-1746 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html Vendor Advisory
http://www.vupen.com/english/advisories/2009/0777 Vendor Advisory
http://secunia.com/advisories/34381 Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://www.auscert.org.au/render.html?it=10666 US Government Resource
http://www.securityfocus.com/bid/34184
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://secunia.com/advisories/34437 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0816 Vendor Advisory
http://www.ubuntu.com/usn/USN-743-1
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34418 Vendor Advisory
http://secunia.com/advisories/34266 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
http://secunia.com/advisories/34469 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
http://secunia.com/advisories/34443 Vendor Advisory
http://secunia.com/advisories/34729
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://www.vupen.com/english/advisories/2009/1708
http://secunia.com/advisories/35569
http://secunia.com/advisories/35559
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
https://usn.ubuntu.com/757-1/
http://www.securityfocus.com/archive/1/501994/100/0/threaded

Configurations

Configuration 1

OR cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*

Information

Published : 2009-03-23 13:00

Updated : 2023-02-12 17:17


NVD link : CVE-2009-0583

Mitre link : CVE-2009-0583


CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


Products Affected

argyllcms

  • argyllcms

ghostscript

  • ghostscript