CVE-2009-0583

2009-03-2300:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.4%

JSON

Multiple integer overflows in icc.c in the International Color Consortium
(ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier
and Argyll Color Management System (CMS) 1.0.3 and earlier, allow
context-dependent attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly execute arbitrary code by using
a device file for a translation request that operates on a crafted image
file and targets a certain “native color space,” related to an ICC profile
in a (1) PostScript or (2) PDF file with embedded images.

OSVersionArchitecturePackageVersionFilename
ubuntu7.10noarchghostscript< 8.61.dfsg.1~svn8187-0ubuntu3.5UNKNOWN
ubuntu8.04noarchghostscript< 8.61.dfsg.1-1ubuntu3.1UNKNOWN
ubuntu8.10noarchghostscript< 8.63.dfsg.1-0ubuntu6.3UNKNOWN
ubuntu6.06noarchgs-gpl< 8.15-4ubuntu3.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.10	noarch	ghostscript	< 8.61.dfsg.1~svn8187-0ubuntu3.5	UNKNOWN
ubuntu	8.04	noarch	ghostscript	< 8.61.dfsg.1-1ubuntu3.1	UNKNOWN
ubuntu	8.10	noarch	ghostscript	< 8.63.dfsg.1-0ubuntu6.3	UNKNOWN
ubuntu	6.06	noarch	gs-gpl	< 8.15-4ubuntu3.2	UNKNOWN