CVE-2009-0584

Summary

CVE	CVE-2009-0584
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-03-23 20:00:00 UTC
Updated	2018-10-10 19:29:00 UTC
Description	icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Argyllcms	Cms	All	All	All	All
Application	Ghostscript	Ghostscript	0	All	All	All
Application	Ghostscript	Ghostscript	5.50	All	All	All
Application	Ghostscript	Ghostscript	7.05	All	All	All
Application	Ghostscript	Ghostscript	7.07	All	All	All
Application	Ghostscript	Ghostscript	8.0.1	All	All	All
Application	Ghostscript	Ghostscript	8.15	All	All	All
Application	Ghostscript	Ghostscript	8.15.2	All	All	All
Application	Ghostscript	Ghostscript	8.54	All	All	All
Application	Ghostscript	Ghostscript	8.56	All	All	All
Application	Ghostscript	Ghostscript	8.57	All	All	All
Application	Ghostscript	Ghostscript	8.60	All	All	All
Application	Ghostscript	Ghostscript	8.61	All	All	All
Application	Ghostscript	Ghostscript	0	All	All	All
Application	Ghostscript	Ghostscript	5.50	All	All	All
Application	Ghostscript	Ghostscript	7.05	All	All	All
Application	Ghostscript	Ghostscript	7.07	All	All	All
Application	Ghostscript	Ghostscript	8.0.1	All	All	All
Application	Ghostscript	Ghostscript	8.15	All	All	All
Application	Ghostscript	Ghostscript	8.15.2	All	All	All
Application	Ghostscript	Ghostscript	8.54	All	All	All
Application	Ghostscript	Ghostscript	8.56	All	All	All
Application	Ghostscript	Ghostscript	8.57	All	All	All
Application	Ghostscript	Ghostscript	8.60	All	All	All
Application	Ghostscript	Ghostscript	8.61	All	All	All
Application	Ghostscript	Ghostscript	All	All	All	All

References

Reference	Source	Link	Tags
Fedora update for argyllcms - Secunia.com	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Red Hat Customer Portal	REDHAT	www.redhat.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
[SECURITY] Fedora 10 Update: ghostscript-8.63-5.fc10	FEDORA	www.redhat.com	Vendor Advisory
[SECURITY] Fedora 10 Update: argyllcms-1.0.3-3.fc10	FEDORA	www.redhat.com
SUSE Update for Multiple Packages - Advisories - Community	SECUNIA	secunia.com
52988	OSVDB	osvdb.org
USN-743-1: Ghostscript vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com
Ghostscript icclib Multiple Vulnerabilities - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Gentoo Bug 261087 - app-text/ghostscript-* ICC Library integer overflows (CVE-2009-0583,CVE-2009-0584)	CONFIRM	bugs.gentoo.org
Debian -- Security Information -- DSA-1746-1 ghostscript	DEBIAN	www.debian.org
Gentoo Linux Documentation -- Ghostscript: User-assisted execution of arbitrary code	GENTOO	www.gentoo.org
SecurityFocus	BUGTRAQ	www.securityfocus.com
Gentoo update for ghostscript - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
[SECURITY] Fedora 9 Update: argyllcms-1.0.3-3.fc9	FEDORA	www.redhat.com
Sun Solaris Ghostscript Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Bug 487744 – CVE-2009-0584 ghostscript, argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library	CONFIRM	bugzilla.redhat.com
Ubuntu update for ghostscript - Secunia.com	SECUNIA	secunia.com
Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities	BID	www.securityfocus.com
Ghostscript Overflows in International Color Consortium Format Library Lets Users Execute Arbitrary Code - SecurityTracker	SECTRACK	securitytracker.com
ASA-2009-098 (RHSA-2009-0345)	CONFIRM	support.avaya.com
Red Hat update for ghostscript - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Ubuntu update for ghostscript - Advisories - Community	SECUNIA	secunia.com
Debian update for ghostscript - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
AusCERT - ESB-2009.0259 -- [UNIX/Linux][RedHat] -- Moderate: ghostscript security update	AUSCERT	www.auscert.org.au	US Government Resource
Support / Security / Advisories / / MDVSA-2009:095 \| Mandriva	MANDRIVA	www.mandriva.com
Support / Security / Advisories / / MDVSA-2009:096 \| Mandriva	MANDRIVA	www.mandriva.com
Advisories:rPSA-2009-0050 - rPath Wiki	CONFIRM	wiki.rpath.com
Fedora update for ghostscript - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Sun Solaris 9 Ghostscript Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
USN-757-1: Ghostscript vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
Argyll Color Management System icclib Multiple Vulnerabilities - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org
issues.rpath.com/browse/RPL-2991	CONFIRM	issues.rpath.com
[SECURITY] Fedora 9 Update: ghostscript-8.63-2.fc9	FEDORA	www.redhat.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
262288	SUNALERT	sunsolve.sun.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:007	SUSE	lists.opensuse.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.