
CVE-2009-0583
Date: (C)2009-03-23   (M)2018-06-20


Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021868
http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded
SUNALERT-262288
BID-34184
SECUNIA-34266
SECUNIA-34373
SECUNIA-34381
SECUNIA-34393
SECUNIA-34398
SECUNIA-34418
SECUNIA-34437
SECUNIA-34443
SECUNIA-34469
SECUNIA-34729
SECUNIA-35559
SECUNIA-35569
ADV-2009-0776
ADV-2009-0777
ADV-2009-0816
ADV-2009-1708
DSA-1746
ESB-2009.0259
FEDORA-2009-2883
FEDORA-2009-2885
FEDORA-2009-3011
FEDORA-2009-3031
GLSA-200903-37
MDVSA-2009:095
MDVSA-2009:096
RHSA-2009:0345
SUSE-SR:2009:007
USN-743-1
USN-757-1
ghostscript-icclib-native-color-bo(49329)
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487742
https://issues.rpath.com/browse/RPL-2991

CPE    10
cpe:/a:argyllcms:argyllcms:0.1.0
cpe:/a:argyllcms:argyllcms:0.3.0
cpe:/a:argyllcms:argyllcms:0.6.0
cpe:/a:argyllcms:argyllcms:0.2.0
...
CWE    1
CWE-119
OVAL    38
oval:org.secpod.oval:def:300532
oval:org.secpod.oval:def:102184
oval:org.secpod.oval:def:202116
oval:org.secpod.oval:def:200453
...

© SecPod Technologies