SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

CVE-2009-0583

Date: (C)2009-03-23   (M)2017-10-04
 
CVSS Score: 9.3
Exploitability Subscore: 8.6
Impact Subscore: 10.0
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE











Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Reference:
SECTRACK-1021868
http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded
SUNALERT-262288
BID-34184
SECUNIA-34266
SECUNIA-34373
SECUNIA-34381
SECUNIA-34393
SECUNIA-34398
SECUNIA-34418
SECUNIA-34437
SECUNIA-34443
SECUNIA-34469
SECUNIA-34729
SECUNIA-35559
SECUNIA-35569
ADV-2009-0776
ADV-2009-0777
ADV-2009-0816
ADV-2009-1708
DSA-1746
ESB-2009.0259
FEDORA-2009-2883
FEDORA-2009-2885
FEDORA-2009-3011
FEDORA-2009-3031
GLSA-200903-37
MDVSA-2009:095
MDVSA-2009:096
RHSA-2009:0345
SUSE-SR:2009:007
USN-743-1
USN-757-1
ghostscript-icclib-native-color-bo(49329)
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487742
https://issues.rpath.com/browse/RPL-2991

CPE    10
cpe:/a:argyllcms:argyllcms:0.1.0
cpe:/a:argyllcms:argyllcms:0.3.0
cpe:/a:argyllcms:argyllcms:0.6.0
cpe:/a:argyllcms:argyllcms:0.2.0
...
CWE    1
CWE-119
OVAL    38
oval:org.secpod.oval:def:300532
oval:org.secpod.oval:def:202116
oval:org.secpod.oval:def:200453
oval:org.secpod.oval:def:202716
...

© 2013 SecPod Technologies