CVE-2009-0583
Date: (C)2009-03-23   (M)2023-12-28


Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021868
http://www.securityfocus.com/archive/1/501994/100/0/threaded
SUNALERT-262288
BID-34184
SECUNIA-34266
SECUNIA-34373
SECUNIA-34381
SECUNIA-34393
SECUNIA-34398
SECUNIA-34418
SECUNIA-34437
SECUNIA-34443
SECUNIA-34469
SECUNIA-34729
SECUNIA-35559
SECUNIA-35569
ADV-2009-0776
ADV-2009-0777
ADV-2009-0816
ADV-2009-1708
DSA-1746
ESB-2009.0259
FEDORA-2009-2883
FEDORA-2009-2885
FEDORA-2009-3011
FEDORA-2009-3031
GLSA-200903-37
MDVSA-2009:095
MDVSA-2009:096
RHSA-2009:0345
SUSE-SR:2009:007
USN-743-1
USN-757-1
ghostscript-icclib-native-color-bo(49329)
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487742
https://issues.rpath.com/browse/RPL-2991
oval:org.mitre.oval:def:10795

CWE    1
CWE-119
OVAL    38
oval:org.secpod.oval:def:600410
oval:org.secpod.oval:def:200514
oval:org.secpod.oval:def:200577
oval:org.secpod.oval:def:202718
...

© SecPod Technologies