CVE-2009-0583

CVSS V2 High 9.3 CVSS V3 None
Description
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Overview
  • CVE ID
  • CVE-2009-0583
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-03-23T20:00:00
  • Last Modified Date
  • 2023-02-13T01:17:08
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:* 1 OR 8.64
cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:* 1 OR 1.0.3
cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://secunia.com/advisories/34393 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=487742 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0345.html Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 Vendor Advisory
http://securitytracker.com/id?1021868
https://issues.rpath.com/browse/RPL-2991
http://www.vupen.com/english/advisories/2009/0776 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html Vendor Advisory
http://secunia.com/advisories/34373 Vendor Advisory
http://secunia.com/advisories/34398 Vendor Advisory
http://www.debian.org/security/2009/dsa-1746 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html Vendor Advisory
http://www.vupen.com/english/advisories/2009/0777 Vendor Advisory
http://secunia.com/advisories/34381 Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://www.auscert.org.au/render.html?it=10666 US Government Resource
http://www.securityfocus.com/bid/34184
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://secunia.com/advisories/34437 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0816 Vendor Advisory
http://www.ubuntu.com/usn/USN-743-1
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34418 Vendor Advisory
http://secunia.com/advisories/34266 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
http://secunia.com/advisories/34469 Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
http://secunia.com/advisories/34443 Vendor Advisory
http://secunia.com/advisories/34729
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://www.vupen.com/english/advisories/2009/1708
http://secunia.com/advisories/35569
http://secunia.com/advisories/35559
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
https://usn.ubuntu.com/757-1/
http://www.securityfocus.com/archive/1/501994/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-0583
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
History
Created Old Value New Value Data Type Notes
2022-05-10 18:33:26 Added to TrackCVE
2023-02-02 21:02:17 2023-02-02T19:15:52 CVE Modified Date updated
2023-02-02 21:02:18 Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. CVE-2009-0583 ghostscript, argyllcms: Multiple integer overflows in the International Color Consortium Format Library Description updated
2023-02-13 02:02:23 2023-02-13T01:17:08 CVE Modified Date updated
2023-02-13 02:02:23 CVE-2009-0583 ghostscript, argyllcms: Multiple integer overflows in the International Color Consortium Format Library Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. Description updated