[email protected]NVD:CVE-2009-0583

HistoryMar 23, 2009 - 8:00 p.m.

CVE-2009-0583

2009-03-2320:00:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain “native color space,” related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Affected configurations

Nvd

Node

ghostscriptghostscriptRange≤8.64

ghostscriptghostscriptMatch5.50

ghostscriptghostscriptMatch7.05

ghostscriptghostscriptMatch7.07

ghostscriptghostscriptMatch8.0.1

ghostscriptghostscriptMatch8.15

ghostscriptghostscriptMatch8.15.2

ghostscriptghostscriptMatch8.54

ghostscriptghostscriptMatch8.56

ghostscriptghostscriptMatch8.57

ghostscriptghostscriptMatch8.61

ghostscriptghostscriptMatch8.62

ghostscriptghostscriptMatch8.63

Node

argyllcmsargyllcmsRange≤1.0.3

argyllcmsargyllcmsMatch0.1.0

argyllcmsargyllcmsMatch0.2.0

argyllcmsargyllcmsMatch0.2.1

argyllcmsargyllcmsMatch0.2.2

argyllcmsargyllcmsMatch0.3.0

argyllcmsargyllcmsMatch0.6.0

argyllcmsargyllcmsMatch0.7.0beta_8

argyllcmsargyllcmsMatch1.0.0

argyllcmsargyllcmsMatch1.0.2

References

bugs.gentoo.org/show_bug.cgi?id=261087

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

secunia.com/advisories/34266

secunia.com/advisories/34373

secunia.com/advisories/34381

secunia.com/advisories/34393

secunia.com/advisories/34398

secunia.com/advisories/34418

secunia.com/advisories/34437

secunia.com/advisories/34443

secunia.com/advisories/34469

secunia.com/advisories/34729

secunia.com/advisories/35559

secunia.com/advisories/35569

securitytracker.com/id?1021868

sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

support.avaya.com/elmodocs2/security/ASA-2009-098.htm

wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

www.auscert.org.au/render.html?it=10666

www.debian.org/security/2009/dsa-1746

www.gentoo.org/security/en/glsa/glsa-200903-37.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:095

www.mandriva.com/security/advisories?name=MDVSA-2009:096

www.redhat.com/support/errata/RHSA-2009-0345.html

www.securityfocus.com/archive/1/501994/100/0/threaded

www.securityfocus.com/bid/34184

www.ubuntu.com/usn/USN-743-1

www.vupen.com/english/advisories/2009/0776

www.vupen.com/english/advisories/2009/0777

www.vupen.com/english/advisories/2009/0816

www.vupen.com/english/advisories/2009/1708

bugzilla.redhat.com/show_bug.cgi?id=487742

exchange.xforce.ibmcloud.com/vulnerabilities/49329

issues.rpath.com/browse/RPL-2991

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795

usn.ubuntu.com/757-1/

www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for NVD:CVE-2009-0583

debiancve2 ubuntucve2 cvelist2 fedora11 veracode1 openvas82 prion2 cve2 nessus34 osv1 redhat1 f52 gentoo1 securityvulns2 ubuntu2 seebug1 debian1 nvd1 oraclelinux1 centos1 slackware1