CVE-2009-0583

2009-03-23 21:00:00 2018-10-10 21:29:22

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Ghostscript - Ghostscript Argyllcms - Argyllcms

Advisory	Patch	Confirmed	Link
			FEDORA-2009-3031
			FEDORA-2009-3011
			https://issues.rpath.com/browse/RPL-2991
			USN-757-1
			FEDORA-2009-2883
			ghostscript-icclib-native-color-bo(49329)
			FEDORA-2009-2885
			ADV-2009-0816
			ADV-2009-1708
			https://bugzilla.redhat.com/show_bug.cgi?id=487742
			ADV-2009-0777
			ADV-2009-0776
			USN-743-1
			34184
			20090319 rPSA-2009-0050-1 ghostscript
			RHSA-2009:0345
			MDVSA-2009:096
			MDVSA-2009:095
			DSA-1746
			GLSA-200903-37
			http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
			ESB-2009.0259
			262288
			http://support.avaya.com/elmodocs2/security/ASA-2009-098...
			1021868
			SUSE-SR:2009:007
			http://bugs.gentoo.org/show_bug.cgi?id=261087

CVE-2009-0583

2009-03-23 21:00:00 2018-10-10 21:29:22

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Improper Restriction of Operations within the Bounds of a Memory Buffer (ID 119)