CVE-2009-0584

Published: 23/03/2009 | Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and in the Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a device file used to process a crafted image file that carries large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Vulnerable Products

ghostscript ghostscript 8.15.2
ghostscript ghostscript 8.60
ghostscript ghostscript 8.57
argyllcms cms
ghostscript ghostscript 8.0.1
ghostscript ghostscript 8.15
ghostscript ghostscript 7.07
ghostscript ghostscript 7.05
ghostscript ghostscript 8.61
ghostscript ghostscript 0
ghostscript ghostscript 5.50
ghostscript ghostscript
ghostscript ghostscript 8.56
ghostscript ghostscript 8.54

Vendor Advisories

Synopsis: Moderate: ghostscript security update. Type/Severity: Security Advisory: Moderate. Topic: Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Respons ...

Debian Bug report logs - #524803 ghostscript: multiple vulnerabilities. Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon). Reported by: "Michael S Gilbert" <michaelsgilbert@gmail.com>. Date: Mon, ...

Debian Bug report logs - #522416 ghostscript: CVE-2009-058{3,4} multiple integer overflows resulting in arbitrary code execution. Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon). Reported by: Nico Golde ...

It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2007-6725) ...

It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted PostScript file, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0583) ...

References

CWE-189

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
https://bugzilla.redhat.com/show_bug.cgi?id=487744
http://secunia.com/advisories/34398
http://www.redhat.com/support/errata/RHSA-2009-0345.html
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://secunia.com/advisories/34393
http://secunia.com/advisories/34381
https://issues.rpath.com/browse/RPL-2991
http://www.vupen.com/english/advisories/2009/0777
http://www.debian.org/security/2009/dsa-1746
http://www.auscert.org.au/render.html?it=10666
http://securitytracker.com/id?1021868
http://secunia.com/advisories/34373
http://www.vupen.com/english/advisories/2009/0776
http://www.securityfocus.com/bid/34184
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
http://www.vupen.com/english/advisories/2009/0816
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://secunia.com/advisories/34437
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.ubuntu.com/usn/USN-743-1
http://secunia.com/advisories/34418
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34443
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
http://osvdb.org/52988
http://secunia.com/advisories/34266
http://secunia.com/advisories/34469
http://secunia.com/advisories/34729
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://www.vupen.com/english/advisories/2009/1708
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
https://usn.ubuntu.com/757-1/
http://www.securityfocus.com/archive/1/501994/100/0/threaded
https://access.redhat.com/errata/RHSA-2009:0345
https://nvd.nist.gov