Lucene search

[email protected]CVE-2009-0584

HistoryMar 23, 2009 - 8:00 p.m.

CVE-2009-0584

2009-03-2320:00:00

CWE-189

[email protected]

web.nvd.nist.gov

icc library

denial of service

arbitrary code

crafted image file

image processing

icc profile

postscript

pdf

nvd

cve-2009-0584

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.9%

JSON

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CPENameOperatorVersion
ghostscript:ghostscriptghostscripteq8.60
ghostscript:ghostscriptghostscripteq7.07
ghostscript:ghostscriptghostscripteq0
ghostscript:ghostscriptghostscripteq8.57
ghostscript:ghostscriptghostscripteq8.54
ghostscript:ghostscriptghostscripteq7.05
ghostscript:ghostscriptghostscriptle8.64
ghostscript:ghostscriptghostscripteq5.50
argyllcms:cmsargyllcms cmsle1.0.3
ghostscript:ghostscriptghostscripteq8.15

CPE	Name	Operator	Version
ghostscript:ghostscript	ghostscript	eq	8.60
ghostscript:ghostscript	ghostscript	eq	7.07
ghostscript:ghostscript	ghostscript	eq	0
ghostscript:ghostscript	ghostscript	eq	8.57
ghostscript:ghostscript	ghostscript	eq	8.54
ghostscript:ghostscript	ghostscript	eq	7.05
ghostscript:ghostscript	ghostscript	le	8.64
ghostscript:ghostscript	ghostscript	eq	5.50
argyllcms:cms	argyllcms cms	le	1.0.3
ghostscript:ghostscript	ghostscript	eq	8.15

Rows per page:

1-10 of 141

References

bugs.gentoo.org/show_bug.cgi?id=261087

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

osvdb.org/52988

secunia.com/advisories/34266

secunia.com/advisories/34373

secunia.com/advisories/34381

secunia.com/advisories/34393

secunia.com/advisories/34398

secunia.com/advisories/34418

secunia.com/advisories/34437

secunia.com/advisories/34443

secunia.com/advisories/34469

secunia.com/advisories/34729

secunia.com/advisories/35559

secunia.com/advisories/35569

securitytracker.com/id?1021868

sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

support.avaya.com/elmodocs2/security/ASA-2009-098.htm

wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

www.auscert.org.au/render.html?it=10666

www.debian.org/security/2009/dsa-1746

www.gentoo.org/security/en/glsa/glsa-200903-37.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:095

www.mandriva.com/security/advisories?name=MDVSA-2009:096

www.redhat.com/support/errata/RHSA-2009-0345.html

www.securityfocus.com/archive/1/501994/100/0/threaded

www.securityfocus.com/bid/34184

www.ubuntu.com/usn/USN-743-1

www.vupen.com/english/advisories/2009/0776

www.vupen.com/english/advisories/2009/0777

www.vupen.com/english/advisories/2009/0816

www.vupen.com/english/advisories/2009/1708

bugzilla.redhat.com/show_bug.cgi?id=487744

exchange.xforce.ibmcloud.com/vulnerabilities/49327

issues.rpath.com/browse/RPL-2991

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544

usn.ubuntu.com/757-1/

www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVE-2009-0584

prion1 veracode1 ubuntucve1 debiancve1 openvas60 securityvulns2 fedora6 oraclelinux1 nessus22 centos1 f52 debian1 osv1 seebug1 gentoo1 ubuntu2 redhat1 slackware1