Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-0583

Published: 23/03/2009 Updated: 13/02/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Ghostscript

Vulnerability Summary

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and previous versions and Argyll Color Management System (CMS) 1.0.3 and previous versions, allow context-dependent malicious users to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Vulnerable Product Search on Vulmon Subscribe to Product

ghostscript ghostscript 7.07

ghostscript ghostscript 8.62

ghostscript ghostscript 8.57

ghostscript ghostscript 8.54

ghostscript ghostscript 7.05

ghostscript ghostscript

ghostscript ghostscript 5.50

ghostscript ghostscript 8.15

ghostscript ghostscript 8.56

ghostscript ghostscript 8.15.2

ghostscript ghostscript 8.0.1

ghostscript ghostscript 8.61

ghostscript ghostscript 8.63

argyllcms argyllcms 0.2.2

argyllcms argyllcms

argyllcms argyllcms 0.6.0

argyllcms argyllcms 0.1.0

argyllcms argyllcms 0.7.0

argyllcms argyllcms 0.2.1

argyllcms argyllcms 0.2.0

argyllcms argyllcms 0.3.0

argyllcms argyllcms 1.0.2

argyllcms argyllcms 1.0.0

Vendor Advisories

Debian CVElist Bug Report Logs: ghostscript: multiple vulnerabilities
Debian Bug report logs - #524803 ghostscript: multiple vulnerabilities Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom> Date: Mon, ...
Debian CVElist Bug Report Logs: ghostscript: CVE-2009-058{3,4} multiple integer overflows resulting in arbitrary code execution
Debian Bug report logs - #522416 ghostscript: CVE-2009-058{3,4} multiple integer overflows resulting in arbitrary code execution Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: Nico Golde ...
Ubuntu Security Notice: ghostscript, gs-esp, gs-gpl vulnerabilities
It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program (CVE-2007-6725) ...
Ubuntu Security Notice: ghostscript, gs-gpl vulnerabilities
It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program (CVE-2009-0583) ...
Red Hat: Moderate: ghostscript security update
Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic Updated ghostscript packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team ...
Red Hat: Moderate: ghostscript security update
Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic Updated ghostscript packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having moderate security impact by the RedHat Security Respons ...
Red Hat: Moderate: ghostscript security update
Synopsis Moderate: ghostscript security update Type/Severity Security Advisory: Moderate Topic Updated ghostscript packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 3 and 4This update has been rated as having moderate security impact by the RedHat Security Response Te ...

References

CWE-119http://secunia.com/advisories/34393https://bugzilla.redhat.com/show_bug.cgi?id=487742http://www.redhat.com/support/errata/RHSA-2009-0345.htmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050http://securitytracker.com/id?1021868https://issues.rpath.com/browse/RPL-2991http://www.vupen.com/english/advisories/2009/0776https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.htmlhttp://secunia.com/advisories/34373http://secunia.com/advisories/34398http://www.debian.org/security/2009/dsa-1746https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.htmlhttp://www.vupen.com/english/advisories/2009/0777http://secunia.com/advisories/34381http://bugs.gentoo.org/show_bug.cgi?id=261087http://www.auscert.org.au/render.html?it=10666http://www.securityfocus.com/bid/34184http://www.gentoo.org/security/en/glsa/glsa-200903-37.xmlhttp://support.avaya.com/elmodocs2/security/ASA-2009-098.htmhttp://secunia.com/advisories/34437http://www.vupen.com/english/advisories/2009/0816http://www.ubuntu.com/usn/USN-743-1http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlhttp://secunia.com/advisories/34418http://secunia.com/advisories/34266https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.htmlhttp://secunia.com/advisories/34469https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.htmlhttp://secunia.com/advisories/34443http://secunia.com/advisories/34729http://www.mandriva.com/security/advisories?name=MDVSA-2009:095http://www.mandriva.com/security/advisories?name=MDVSA-2009:096http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1http://www.vupen.com/english/advisories/2009/1708http://secunia.com/advisories/35569http://secunia.com/advisories/35559https://exchange.xforce.ibmcloud.com/vulnerabilities/49329https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795https://usn.ubuntu.com/757-1/http://www.securityfocus.com/archive/1/501994/100/0/threadedhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524803https://usn.ubuntu.com/757-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook