CVE-2009-0583
8.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.4%
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain “native color space,” related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
bugs.gentoo.org/show_bug.cgi?id=261087
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
secunia.com/advisories/34266
secunia.com/advisories/34373
secunia.com/advisories/34381
secunia.com/advisories/34393
secunia.com/advisories/34398
secunia.com/advisories/34418
secunia.com/advisories/34437
secunia.com/advisories/34443
secunia.com/advisories/34469
secunia.com/advisories/34729
secunia.com/advisories/35559
secunia.com/advisories/35569
securitytracker.com/id?1021868
sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
support.avaya.com/elmodocs2/security/ASA-2009-098.htm
wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
www.auscert.org.au/render.html?it=10666
www.debian.org/security/2009/dsa-1746
www.gentoo.org/security/en/glsa/glsa-200903-37.xml
www.mandriva.com/security/advisories?name=MDVSA-2009:095
www.mandriva.com/security/advisories?name=MDVSA-2009:096
www.redhat.com/support/errata/RHSA-2009-0345.html
www.securityfocus.com/archive/1/501994/100/0/threaded
www.securityfocus.com/bid/34184
www.ubuntu.com/usn/USN-743-1
www.vupen.com/english/advisories/2009/0776
www.vupen.com/english/advisories/2009/0777
www.vupen.com/english/advisories/2009/0816
www.vupen.com/english/advisories/2009/1708
bugzilla.redhat.com/show_bug.cgi?id=487742
exchange.xforce.ibmcloud.com/vulnerabilities/49329
issues.rpath.com/browse/RPL-2991
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
usn.ubuntu.com/757-1/
www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
Related
8.1 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.01 Low
EPSS
Percentile
83.4%