CVE-2009-0792

2009-04-1400:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.0%

JSON

Multiple integer overflows in icc.c in the International Color Consortium
(ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier
and Argyll Color Management System (CMS) 1.0.3 and earlier, allow
context-dependent attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly execute arbitrary code by using
a device file for a translation request that operates on a crafted image
file and targets a certain “native color space,” related to an ICC profile
in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue
exists because of an incomplete fix for CVE-2009-0583.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchghostscript< 8.61.dfsg.1-1ubuntu3.2UNKNOWN
ubuntu8.10noarchghostscript< 8.63.dfsg.1-0ubuntu6.4UNKNOWN
ubuntu9.04noarchghostscript< 8.64.dfsg.1-0ubuntu8UNKNOWN
ubuntu9.10noarchghostscript< 8.64.dfsg.1-0ubuntu8UNKNOWN
ubuntu6.06noarchgs-esp< 8.15.2.dfsg.0ubuntu1-0ubuntu1.2UNKNOWN
ubuntu6.06noarchgs-gpl< 8.15-4ubuntu3.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	ghostscript	< 8.61.dfsg.1-1ubuntu3.2	UNKNOWN
ubuntu	8.10	noarch	ghostscript	< 8.63.dfsg.1-0ubuntu6.4	UNKNOWN
ubuntu	9.04	noarch	ghostscript	< 8.64.dfsg.1-0ubuntu8	UNKNOWN
ubuntu	9.10	noarch	ghostscript	< 8.64.dfsg.1-0ubuntu8	UNKNOWN
ubuntu	6.06	noarch	gs-esp	< 8.15.2.dfsg.0ubuntu1-0ubuntu1.2	UNKNOWN
ubuntu	6.06	noarch	gs-gpl	< 8.15-4ubuntu3.3	UNKNOWN