[email protected]NVD:CVE-2009-0583

HistoryMar 23, 2009 - 8:00 p.m.

CVE-2009-0583

2009-03-2320:00:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain “native color space,” related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Affected configurations

NVD

Node

ghostscriptghostscriptRange≤8.64

ghostscriptghostscriptMatch5.50

ghostscriptghostscriptMatch7.05

ghostscriptghostscriptMatch7.07

ghostscriptghostscriptMatch8.0.1

ghostscriptghostscriptMatch8.15

ghostscriptghostscriptMatch8.15.2

ghostscriptghostscriptMatch8.54

ghostscriptghostscriptMatch8.56

ghostscriptghostscriptMatch8.57

ghostscriptghostscriptMatch8.61

ghostscriptghostscriptMatch8.62

ghostscriptghostscriptMatch8.63

Node

argyllcmsargyllcmsRange≤1.0.3

argyllcmsargyllcmsMatch0.1.0

argyllcmsargyllcmsMatch0.2.0

argyllcmsargyllcmsMatch0.2.1

argyllcmsargyllcmsMatch0.2.2

argyllcmsargyllcmsMatch0.3.0

argyllcmsargyllcmsMatch0.6.0

argyllcmsargyllcmsMatch0.7.0beta_8

argyllcmsargyllcmsMatch1.0.0

argyllcmsargyllcmsMatch1.0.2

References

bugs.gentoo.org/show_bug.cgi?id=261087

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

secunia.com/advisories/34266

secunia.com/advisories/34373

secunia.com/advisories/34381

secunia.com/advisories/34393

secunia.com/advisories/34398

secunia.com/advisories/34418

secunia.com/advisories/34437

secunia.com/advisories/34443

secunia.com/advisories/34469

secunia.com/advisories/34729

secunia.com/advisories/35559

secunia.com/advisories/35569

securitytracker.com/id?1021868

sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

support.avaya.com/elmodocs2/security/ASA-2009-098.htm

wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

www.auscert.org.au/render.html?it=10666

www.debian.org/security/2009/dsa-1746

www.gentoo.org/security/en/glsa/glsa-200903-37.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:095

www.mandriva.com/security/advisories?name=MDVSA-2009:096

www.redhat.com/support/errata/RHSA-2009-0345.html

www.securityfocus.com/archive/1/501994/100/0/threaded

www.securityfocus.com/bid/34184

www.ubuntu.com/usn/USN-743-1

www.vupen.com/english/advisories/2009/0776

www.vupen.com/english/advisories/2009/0777

www.vupen.com/english/advisories/2009/0816

www.vupen.com/english/advisories/2009/1708

bugzilla.redhat.com/show_bug.cgi?id=487742

exchange.xforce.ibmcloud.com/vulnerabilities/49329

issues.rpath.com/browse/RPL-2991

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795

usn.ubuntu.com/757-1/

www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for NVD:CVE-2009-0583

fedora11 veracode1 cve2 openvas82 debiancve2 ubuntucve2 cvelist2 prion2 redhat1 nessus34 oraclelinux1 centos1 securityvulns2 seebug1 ubuntu2 gentoo1 f52 osv1 debian1 nvd1 slackware1