[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0584Date: (C)2009-03-23   (M)2023-12-28


icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021868
http://www.securityfocus.com/archive/1/501994/100/0/threaded
SUNALERT-262288
BID-34184
SECUNIA-34266
SECUNIA-34373
SECUNIA-34381
SECUNIA-34393
SECUNIA-34398
SECUNIA-34418
SECUNIA-34437
SECUNIA-34443
SECUNIA-34469
SECUNIA-34729
SECUNIA-35559
SECUNIA-35569
OSVDB-52988
ADV-2009-0776
ADV-2009-0777
ADV-2009-0816
ADV-2009-1708
DSA-1746
ESB-2009.0259
FEDORA-2009-2883
FEDORA-2009-2885
FEDORA-2009-3011
FEDORA-2009-3031
GLSA-200903-37
MDVSA-2009:095
MDVSA-2009:096
RHSA-2009:0345
SUSE-SR:2009:007
USN-743-1
USN-757-1
ghostscript-icclib-bo(49327)
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://bugzilla.redhat.com/show_bug.cgi?id=487744
https://issues.rpath.com/browse/RPL-2991
oval:org.mitre.oval:def:10544

CPE    1
cpe:/a:ghostscript:ghostscript
CWE    1
CWE-189
OVAL    21
oval:org.secpod.oval:def:600410
oval:org.secpod.oval:def:200514
oval:org.secpod.oval:def:200577
oval:org.secpod.oval:def:202718
...

© SecPod Technologies