CVE - CVE-2009-0583

CVE-ID
CVE-2009-0583	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021868 URL:http://securitytracker.com/id?1021868 MISC:20090319 rPSA-2009-0050-1 ghostscript URL:http://www.securityfocus.com/archive/1/501994/100/0/threaded MISC:262288 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1~~ (Obsolete source) MISC:34184 URL:http://www.securityfocus.com/bid/34184 MISC:34266 URL:http://secunia.com/advisories/34266 MISC:34373 URL:http://secunia.com/advisories/34373 MISC:34381 URL:http://secunia.com/advisories/34381 MISC:34393 URL:http://secunia.com/advisories/34393 MISC:34398 URL:http://secunia.com/advisories/34398 MISC:34418 URL:http://secunia.com/advisories/34418 MISC:34437 URL:http://secunia.com/advisories/34437 MISC:34443 URL:http://secunia.com/advisories/34443 MISC:34469 URL:http://secunia.com/advisories/34469 MISC:34729 URL:http://secunia.com/advisories/34729 MISC:35559 URL:http://secunia.com/advisories/35559 MISC:35569 URL:http://secunia.com/advisories/35569 MISC:ADV-2009-0776 URL:~~http://www.vupen.com/english/advisories/2009/0776~~ (Obsolete source) MISC:ADV-2009-0777 URL:~~http://www.vupen.com/english/advisories/2009/0777~~ (Obsolete source) MISC:ADV-2009-0816 URL:~~http://www.vupen.com/english/advisories/2009/0816~~ (Obsolete source) MISC:ADV-2009-1708 URL:~~http://www.vupen.com/english/advisories/2009/1708~~ (Obsolete source) MISC:DSA-1746 URL:http://www.debian.org/security/2009/dsa-1746 MISC:ESB-2009.0259 URL:http://www.auscert.org.au/render.html?it=10666 MISC:FEDORA-2009-2883 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html MISC:FEDORA-2009-2885 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html MISC:FEDORA-2009-3011 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html MISC:FEDORA-2009-3031 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html MISC:GLSA-200903-37 URL:http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml MISC:MDVSA-2009:095 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:095~~ (Obsolete source) MISC:MDVSA-2009:096 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:096~~ (Obsolete source) MISC:RHSA-2009:0345 URL:http://www.redhat.com/support/errata/RHSA-2009-0345.html MISC:SUSE-SR:2009:007 URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html MISC:USN-743-1 URL:http://www.ubuntu.com/usn/USN-743-1 MISC:USN-757-1 URL:https://usn.ubuntu.com/757-1/ MISC:ghostscript-icclib-native-color-bo(49329) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49329 MISC:http://bugs.gentoo.org/show_bug.cgi?id=261087 URL:http://bugs.gentoo.org/show_bug.cgi?id=261087 MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=487742 URL:https://bugzilla.redhat.com/show_bug.cgi?id=487742 MISC:https://issues.rpath.com/browse/RPL-2991 URL:https://issues.rpath.com/browse/RPL-2991 MISC:oval:org.mitre.oval:def:10795 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
Assigning CNA
Red Hat, Inc.
Date Record Created
20090213	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090213)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)