Lucene search

[email protected]NVD:CVE-2009-0584

HistoryMar 23, 2009 - 8:00 p.m.

CVE-2009-0584

2009-03-2320:00:00

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.0%

JSON

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Affected configurations

NVD

Node

argyllcmscmsRange≤1.0.3

ghostscriptghostscriptRange≤8.64

ghostscriptghostscriptMatch0

ghostscriptghostscriptMatch5.50

ghostscriptghostscriptMatch7.05

ghostscriptghostscriptMatch7.07

ghostscriptghostscriptMatch8.0.1

ghostscriptghostscriptMatch8.15

ghostscriptghostscriptMatch8.15.2

ghostscriptghostscriptMatch8.54

ghostscriptghostscriptMatch8.56

ghostscriptghostscriptMatch8.57

ghostscriptghostscriptMatch8.60

ghostscriptghostscriptMatch8.61

References

bugs.gentoo.org/show_bug.cgi?id=261087

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

osvdb.org/52988

secunia.com/advisories/34266

secunia.com/advisories/34373

secunia.com/advisories/34381

secunia.com/advisories/34393

secunia.com/advisories/34398

secunia.com/advisories/34418

secunia.com/advisories/34437

secunia.com/advisories/34443

secunia.com/advisories/34469

secunia.com/advisories/34729

secunia.com/advisories/35559

secunia.com/advisories/35569

securitytracker.com/id?1021868

sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

support.avaya.com/elmodocs2/security/ASA-2009-098.htm

wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

www.auscert.org.au/render.html?it=10666

www.debian.org/security/2009/dsa-1746

www.gentoo.org/security/en/glsa/glsa-200903-37.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:095

www.mandriva.com/security/advisories?name=MDVSA-2009:096

www.redhat.com/support/errata/RHSA-2009-0345.html

www.securityfocus.com/archive/1/501994/100/0/threaded

www.securityfocus.com/bid/34184

www.ubuntu.com/usn/USN-743-1

www.vupen.com/english/advisories/2009/0776

www.vupen.com/english/advisories/2009/0777

www.vupen.com/english/advisories/2009/0816

www.vupen.com/english/advisories/2009/1708

bugzilla.redhat.com/show_bug.cgi?id=487744

exchange.xforce.ibmcloud.com/vulnerabilities/49327

issues.rpath.com/browse/RPL-2991

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544

usn.ubuntu.com/757-1/

www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for NVD:CVE-2009-0584

debiancve1 cve1 veracode1 prion1 cvelist1 ubuntucve1 oraclelinux1 nessus22 openvas60 fedora6 centos1 securityvulns2 seebug1 ubuntu2 gentoo1 f52 redhat1 debian1 osv1 slackware1