Lucene search

[email protected]NVD:CVE-2009-0792

HistoryApr 14, 2009 - 4:26 p.m.

CVE-2009-0792

2009-04-1416:26:56

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain “native color space,” related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

Affected configurations

NVD

Node

ghostscriptghostscriptRange≤8.64

ghostscriptghostscriptMatch5.50

ghostscriptghostscriptMatch7.05

ghostscriptghostscriptMatch7.07

ghostscriptghostscriptMatch8.0.1

ghostscriptghostscriptMatch8.15

ghostscriptghostscriptMatch8.15.2

ghostscriptghostscriptMatch8.54

ghostscriptghostscriptMatch8.56

ghostscriptghostscriptMatch8.57

ghostscriptghostscriptMatch8.61

ghostscriptghostscriptMatch8.62

ghostscriptghostscriptMatch8.63

Node

argyllcmsargyllcmsRange≤1.0.3

argyllcmsargyllcmsMatch0.1.0

argyllcmsargyllcmsMatch0.2.0

argyllcmsargyllcmsMatch0.2.1

argyllcmsargyllcmsMatch0.2.2

argyllcmsargyllcmsMatch0.3.0

argyllcmsargyllcmsMatch0.6.0

argyllcmsargyllcmsMatch0.7.0beta_8

argyllcmsargyllcmsMatch1.0.0

argyllcmsargyllcmsMatch1.0.2

References

lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

secunia.com/advisories/34373

secunia.com/advisories/34667

secunia.com/advisories/34711

secunia.com/advisories/34726

secunia.com/advisories/34729

secunia.com/advisories/34732

secunia.com/advisories/35416

secunia.com/advisories/35559

secunia.com/advisories/35569

security.gentoo.org/glsa/glsa-201412-17.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

support.avaya.com/elmodocs2/security/ASA-2009-155.htm

wiki.rpath.com/Advisories:rPSA-2009-0060

www.mandriva.com/security/advisories?name=MDVSA-2009:095

www.mandriva.com/security/advisories?name=MDVSA-2009:096

www.redhat.com/support/errata/RHSA-2009-0420.html

www.redhat.com/support/errata/RHSA-2009-0421.html

www.securityfocus.com/archive/1/502757/100/0/threaded

www.vupen.com/english/advisories/2009/1708

bugzilla.redhat.com/show_bug.cgi?id=491853

exchange.xforce.ibmcloud.com/vulnerabilities/50381

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207

usn.ubuntu.com/757-1/

www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for NVD:CVE-2009-0792

nessus44 fedora11 openvas101 cvelist2 debiancve2 cve2 prion2 ubuntucve2 slackware1 veracode2 nvd1 ubuntu2 redhat3 oraclelinux3 securityvulns2 centos3 seebug1 gentoo2 f52 osv2 debian2