CVE-2009-0583
Ghostscript < 8.64 and Argyll CMS < 1.0.3 - Heap-Based Buffer Overflow via Crafted ICC Profile
Title source: llmDescription
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References (40)
Core 40
Core References
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-2991
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34381
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34437
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34393
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1021868
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34266
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34443
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1746
US Government Resource third-party-advisory
x_refsource_auscert
http://www.auscert.org.au/render.html?it=10666
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0776
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34418
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34729
Vendor Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0816
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34469
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35569
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1708
Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=487742
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34184
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35559
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34373
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34398
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/757-1/
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=261087
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0345.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0777
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501994/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-743-1
Scores
EPSS
0.0471
EPSS Percentile
90.8%
Details
CWE
CWE-119
Status
published
Products (23)
argyllcms/argyllcms
0.1.0
argyllcms/argyllcms
0.2.0
argyllcms/argyllcms
0.2.1
argyllcms/argyllcms
0.2.2
argyllcms/argyllcms
0.3.0
argyllcms/argyllcms
0.6.0
argyllcms/argyllcms
0.7.0 beta_8
argyllcms/argyllcms
1.0.0
argyllcms/argyllcms
1.0.2
argyllcms/argyllcms
< 1.0.3
... and 13 more
Published
Mar 23, 2009
Tracked Since
Feb 18, 2026