CVE-2009-0584
Last modified
CVE-2009-0584 is a vulnerability of currently unknown severity. icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.. EPSS estimates a 4.07% chance of exploitation in the next 30 days.
Description
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Argyllcms | Cms | <= 1.0.3 |
| Ghostscript | Ghostscript | <= 8.64 |
| Ghostscript | Ghostscript | 0 |
| Ghostscript | Ghostscript | 5.50 |
| Ghostscript | Ghostscript | 7.05 |
| Ghostscript | Ghostscript | 7.07 |
| Ghostscript | Ghostscript | 8.0.1 |
| Ghostscript | Ghostscript | 8.15 |
| Ghostscript | Ghostscript | 8.15.2 |
| Ghostscript | Ghostscript | 8.54 |
| Ghostscript | Ghostscript | 8.56 |
| Ghostscript | Ghostscript | 8.57 |
| Ghostscript | Ghostscript | 8.60 |
| Ghostscript | Ghostscript | 8.61 |
References
- http://secunia.com/advisories/34373Vendor Advisory
- http://secunia.com/advisories/34381Vendor Advisory
- http://secunia.com/advisories/34393Vendor Advisory
- http://secunia.com/advisories/34398Vendor Advisory
- http://secunia.com/advisories/34437Vendor Advisory
- http://www.auscert.org.au/render.html?it=10666US Government Resource
- http://www.redhat.com/support/errata/RHSA-2009-0345.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2009/0776Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0777Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0816Vendor Advisory
- http://secunia.com/advisories/34373Vendor Advisory
- http://secunia.com/advisories/34381Vendor Advisory
- http://secunia.com/advisories/34393Vendor Advisory
- http://secunia.com/advisories/34398Vendor Advisory
- http://secunia.com/advisories/34437Vendor Advisory
- http://www.auscert.org.au/render.html?it=10666US Government Resource
- http://www.redhat.com/support/errata/RHSA-2009-0345.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2009/0776Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0777Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0816Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0584?
How severe is CVE-2009-0584?
How do I fix CVE-2009-0584?
Are you affected by CVE-2009-0584?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST