CVE-2009-0584

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://osvdb.org/52988
http://secunia.com/advisories/34266
http://secunia.com/advisories/34373	Vendor Advisory
http://secunia.com/advisories/34381	Vendor Advisory
http://secunia.com/advisories/34393	Vendor Advisory
http://secunia.com/advisories/34398	Vendor Advisory
http://secunia.com/advisories/34418
http://secunia.com/advisories/34437	Vendor Advisory
http://secunia.com/advisories/34443
http://secunia.com/advisories/34469
http://secunia.com/advisories/34729
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://securitytracker.com/id?1021868
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
http://www.auscert.org.au/render.html?it=10666	US Government Resource
http://www.debian.org/security/2009/dsa-1746
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://www.redhat.com/support/errata/RHSA-2009-0345.html	Vendor Advisory
http://www.securityfocus.com/archive/1/501994/100/0/threaded
http://www.securityfocus.com/bid/34184
http://www.ubuntu.com/usn/USN-743-1
http://www.vupen.com/english/advisories/2009/0776	Vendor Advisory
http://www.vupen.com/english/advisories/2009/0777	Vendor Advisory
http://www.vupen.com/english/advisories/2009/0816	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1708
https://bugzilla.redhat.com/show_bug.cgi?id=487744
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
https://issues.rpath.com/browse/RPL-2991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
https://usn.ubuntu.com/757-1/
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://osvdb.org/52988
http://secunia.com/advisories/34266
http://secunia.com/advisories/34373	Vendor Advisory
http://secunia.com/advisories/34381	Vendor Advisory
http://secunia.com/advisories/34393	Vendor Advisory
http://secunia.com/advisories/34398	Vendor Advisory
http://secunia.com/advisories/34418
http://secunia.com/advisories/34437	Vendor Advisory
http://secunia.com/advisories/34443
http://secunia.com/advisories/34469
http://secunia.com/advisories/34729
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://securitytracker.com/id?1021868
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
http://www.auscert.org.au/render.html?it=10666	US Government Resource
http://www.debian.org/security/2009/dsa-1746
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://www.redhat.com/support/errata/RHSA-2009-0345.html	Vendor Advisory
http://www.securityfocus.com/archive/1/501994/100/0/threaded
http://www.securityfocus.com/bid/34184
http://www.ubuntu.com/usn/USN-743-1
http://www.vupen.com/english/advisories/2009/0776	Vendor Advisory
http://www.vupen.com/english/advisories/2009/0777	Vendor Advisory
http://www.vupen.com/english/advisories/2009/0816	Vendor Advisory
http://www.vupen.com/english/advisories/2009/1708
https://bugzilla.redhat.com/show_bug.cgi?id=487744
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
https://issues.rpath.com/browse/RPL-2991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
https://usn.ubuntu.com/757-1/
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html	Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:argyllcms:cms::::::::
	cpe:2.3:a:ghostscript:ghostscript::::::::
	cpe:2.3:a:ghostscript:ghostscript:0:::::::*
	cpe:2.3:a:ghostscript:ghostscript:5.50:::::::*
	cpe:2.3:a:ghostscript:ghostscript:7.05:::::::*
	cpe:2.3:a:ghostscript:ghostscript:7.07:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.0.1:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.15:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.15.2:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.54:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.56:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.57:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.60:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.61:::::::*

History

21 Nov 2024, 01:00

Information

Published : 2009-03-23 20:00

Updated : 2024-11-21 01:00

NVD link : CVE-2009-0584

Mitre link : CVE-2009-0584

CVE.ORG link : CVE-2009-0584

JSON object : View

Products Affected

argyllcms

ghostscript

ghostscript

CWE

CWE-189

Numeric Errors

{"id": "CVE-2009-0584", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-03-23T20:00:00.377", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/52988", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34266", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34373", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34381", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34393", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34398", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34418", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34437", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34443", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34469", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34729", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35559", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35569", "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1021868", "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1", "source": "secalert@redhat.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", "source": "secalert@redhat.com"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", "source": "secalert@redhat.com"}, {"url": "http://www.auscert.org.au/render.html?it=10666", "tags": ["US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2009/dsa-1746", "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/34184", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-743-1", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0776", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0777", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0816", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1708", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-2991", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/757-1/", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html", "source": "secalert@redhat.com"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/52988", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34266", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34373", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34381", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34393", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34398", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34418", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34437", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34443", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34469", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34729", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/35559", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/35569", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1021868", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.auscert.org.au/render.html?it=10666", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2009/dsa-1746", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34184", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-743-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0776", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0777", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/0816", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/1708", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.rpath.com/browse/RPL-2991", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/757-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."}, {"lang": "es", "value": "icc.c, perteneciente a la librer\u00eda de formatos del International Color Consortium (ICC) (alias icclib), tal y como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permite causar una denegaci\u00f3n de servicio (con ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto, o posiblemente ejecutar c\u00f3digo arbitrario por medio de un fichero de dispositivo dise\u00f1ado para procesar archivos de imagen con modificaciones relacionadas con valores enteros grandes para determinados tama\u00f1os, en relaci\u00f3n con un perfil ICC en un (1) PostScript o (2) un archivo PDF con im\u00e1genes incrustadas."}], "lastModified": "2024-11-21T01:00:24.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:argyllcms:cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37C8B4A-24A1-420A-A82F-190B3D343C68", "versionEndIncluding": "1.0.3"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04", "versionEndIncluding": "8.64"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E68242D-465A-443F-9D25-BE57F9080394"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B283683-D924-4C69-87F3-355ECC0DBA4B"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

9.3 /10