CVE-2009-0583

Ghostscript < 8.64 and Argyll CMS < 1.0.3 - Heap-Based Buffer Overflow via Crafted ICC Profile

Title source: llm
STIX 2.1

Description

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

References (40)

Core 40
Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2991
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34381
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34437
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34393
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021868
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34266
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34443
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1746
US Government Resource third-party-advisory x_refsource_auscert
http://www.auscert.org.au/render.html?it=10666
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0776
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34418
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34729
Vendor Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34469
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35569
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1708
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=487742
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34184
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35559
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34373
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34398
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/757-1/
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=261087
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0345.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0777
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501994/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-743-1

Scores

EPSS 0.0471
EPSS Percentile 90.8%

Details

CWE
CWE-119
Status published
Products (23)
argyllcms/argyllcms 0.1.0
argyllcms/argyllcms 0.2.0
argyllcms/argyllcms 0.2.1
argyllcms/argyllcms 0.2.2
argyllcms/argyllcms 0.3.0
argyllcms/argyllcms 0.6.0
argyllcms/argyllcms 0.7.0 beta_8
argyllcms/argyllcms 1.0.0
argyllcms/argyllcms 1.0.2
argyllcms/argyllcms < 1.0.3
... and 13 more
Published Mar 23, 2009
Tracked Since Feb 18, 2026