CVE-2009-0792
Summary
| CVE | CVE-2009-0792 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-14 16:26:00 UTC |
| Updated | 2023-11-07 02:03:00 UTC |
| Description | Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. |
Risk And Classification
Problem Types: CWE-189
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Argyllcms | Argyllcms | 0.1.0 | All | All | All |
| Application | Argyllcms | Argyllcms | 0.2.0 | All | All | All |
| Application | Argyllcms | Argyllcms | 0.2.1 | All | All | All |
| Application | Argyllcms | Argyllcms | 0.2.2 | All | All | All |
| Application | Argyllcms | Argyllcms | 0.3.0 | All | All | All |
| Application | Argyllcms | Argyllcms | 0.6.0 | All | All | All |
| Application | Argyllcms | Argyllcms | 0.7.0 | beta_8 | All | All |
| Application | Argyllcms | Argyllcms | 1.0.0 | All | All | All |
| Application | Argyllcms | Argyllcms | 1.0.2 | All | All | All |
| Application | Argyllcms | Argyllcms | All | All | All | All |
| Application | Ghostscript | Ghostscript | 5.50 | All | All | All |
| Application | Ghostscript | Ghostscript | 7.05 | All | All | All |
| Application | Ghostscript | Ghostscript | 7.07 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.0.1 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.15 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.15.2 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.54 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.56 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.57 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.61 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.62 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.63 | All | All | All |
| Application | Ghostscript | Ghostscript | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Fedora update for ghostscript - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| [SECURITY] Fedora 10 Update: argyllcms-1.0.3-4.fc10 | FEDORA | www.redhat.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:009 | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 9 Update: argyllcms-1.0.3-4.fc9 | FEDORA | www.redhat.com | |
| Gentoo Linux Documentation -- GPL Ghostscript: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| Red Hat update for ghostscript - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Sun Solaris Ghostscript Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Fedora update for argyllcms - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail \| OVH- OVH | VUPEN | www.vupen.com | |
| Support | REDHAT | www.redhat.com | |
| Ubuntu update for ghostscript - Advisories - Community | SECUNIA | secunia.com | |
| wiki.rpath.com/Advisories:rPSA-2009-0060 | CONFIRM | wiki.rpath.com | |
| SUSE Update for Multiple Packages - Advisories - Community | SECUNIA | secunia.com | |
| Red Hat update for ghostscript - Advisories - Community | SECUNIA | secunia.com | |
| Support / Security / Advisories / / MDVSA-2009:095 \| Mandriva | MANDRIVA | www.mandriva.com | |
| Support / Security / Advisories / / MDVSA-2009:096 \| Mandriva | MANDRIVA | www.mandriva.com | |
| [SECURITY] Fedora 10 Update: ghostscript-8.63-6.fc10 | FEDORA | www.redhat.com | |
| Sun Solaris 9 Ghostscript Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| ASA-2009-155 (RHSA-2009-0420) | CONFIRM | support.avaya.com | |
| USN-757-1: Ghostscript vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Argyll Color Management System icclib Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| [SECURITY] Fedora 9 Update: ghostscript-8.63-3.fc9 | FEDORA | www.redhat.com | |
| 262288 | SUNALERT | sunsolve.sun.com | |
| 491853 – (CVE-2009-0792) CVE-2009-0792 ghostscript, argyllcms: Incomplete fix for CVE-2009-0583 | CONFIRM | bugzilla.redhat.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 | SUSE | lists.opensuse.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.