[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110204

 
 

909

 
 

85984

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-0584Date: (C)2009-03-23   (M)2018-06-20


icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1021868
http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded
SUNALERT-262288
BID-34184
SECUNIA-34266
SECUNIA-34373
SECUNIA-34381
SECUNIA-34393
SECUNIA-34398
SECUNIA-34418
SECUNIA-34437
SECUNIA-34443
SECUNIA-34469
SECUNIA-34729
SECUNIA-35559
SECUNIA-35569
OSVDB-52988
ADV-2009-0776
ADV-2009-0777
ADV-2009-0816
ADV-2009-1708
DSA-1746
ESB-2009.0259
FEDORA-2009-2883
FEDORA-2009-2885
FEDORA-2009-3011
FEDORA-2009-3031
GLSA-200903-37
MDVSA-2009:095
MDVSA-2009:096
RHSA-2009:0345
SUSE-SR:2009:007
USN-743-1
USN-757-1
ghostscript-icclib-bo(49327)
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487744
https://issues.rpath.com/browse/RPL-2991

CWE    1
CWE-189
OVAL    21
oval:org.secpod.oval:def:700473
oval:org.secpod.oval:def:700359
oval:org.secpod.oval:def:600410
oval:org.mitre.oval:def:7813
...

© SecPod Technologies