CVE-2009-0584

high

Description

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

References

http://bugs.gentoo.org/show_bug.cgi?id=261087

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

http://osvdb.org/52988

http://secunia.com/advisories/34266

http://secunia.com/advisories/34373

http://secunia.com/advisories/34381

http://secunia.com/advisories/34393

http://secunia.com/advisories/34398

http://secunia.com/advisories/34418

http://secunia.com/advisories/34437

http://secunia.com/advisories/34443

http://secunia.com/advisories/34469

http://secunia.com/advisories/34729

http://secunia.com/advisories/35559

http://secunia.com/advisories/35569

http://securitytracker.com/id?1021868

http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

http://www.auscert.org.au/render.html?it=10666

http://www.debian.org/security/2009/dsa-1746

http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2009:095

http://www.mandriva.com/security/advisories?name=MDVSA-2009:096

http://www.redhat.com/support/errata/RHSA-2009-0345.html

http://www.securityfocus.com/archive/1/501994/100/0/threaded

http://www.securityfocus.com/bid/34184

http://www.ubuntu.com/usn/USN-743-1

http://www.vupen.com/english/advisories/2009/0776

http://www.vupen.com/english/advisories/2009/0777

http://www.vupen.com/english/advisories/2009/0816

http://www.vupen.com/english/advisories/2009/1708

https://bugzilla.redhat.com/show_bug.cgi?id=487744

https://exchange.xforce.ibmcloud.com/vulnerabilities/49327

https://issues.rpath.com/browse/RPL-2991

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544

https://usn.ubuntu.com/757-1/

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

Details

Source: MITRE

Published: 2009-03-23

Updated: 2018-10-10

Type: CWE-189

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins


ID | Name | Product | Family | Severity
78232 | F5 Networks BIG-IP : icclib vulnerabilities (SOL9990) | Nessus | F5 Networks Local Security Checks | high
67823 | Oracle Linux 3 / 4 / 5 : ghostscript (ELSA-2009-0345) | Nessus | Oracle Linux Local Security Checks | high
60549 | Scientific Linux Security Update : ghostscript on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
42997 | Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:311) | Nessus | Mandriva Local Security Checks | critical
41512 | SuSE 10 Security Update : Ghostscript (ZYPP Patch Number 6066) | Nessus | SuSE Local Security Checks | high
41394 | SuSE 11 Security Update : Ghostscript (SAT Patch Number 636) | Nessus | SuSE Local Security Checks | high
41285 | SuSE9 Security Update : Ghostscript (YOU Patch Number 12375) | Nessus | SuSE Local Security Checks | high
40219 | openSUSE Security Update : ghostscript-devel (ghostscript-devel-592) | Nessus | SuSE Local Security Checks | high
39967 | openSUSE Security Update : ghostscript-devel (ghostscript-devel-592) | Nessus | SuSE Local Security Checks | high
39567 | Slackware 12.1 / 12.2 / current : ghostscript (SSA:2009-181-01) | Nessus | Slackware Local Security Checks | high
38164 | Mandriva Linux Security Advisory : ghostscript (MDVSA-2009:095) | Nessus | Mandriva Local Security Checks | high
37905 | Fedora 10 : ghostscript-8.63-5.fc10 (2009-2885) | Nessus | Fedora Local Security Checks | high
37438 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : ghostscript, gs-esp, gs-gpl vulnerabilities (USN-757-1) | Nessus | Ubuntu Local Security Checks | high
37323 | Fedora 10 : argyllcms-1.0.3-3.fc10 (2009-3011) | Nessus | Fedora Local Security Checks | high
36471 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : ghostscript, gs-gpl vulnerabilities (USN-743-1) | Nessus | Ubuntu Local Security Checks | high
36024 | Fedora 9 : argyllcms-1.0.3-3.fc9 (2009-3031) | Nessus | Fedora Local Security Checks | high
36004 | openSUSE 10 Security Update : ghostscript-devel (ghostscript-devel-6065) | Nessus | SuSE Local Security Checks | high
36003 | GLSA-200903-37 : Ghostscript: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | high
35983 | Fedora 9 : ghostscript-8.63-2.fc9 (2009-2883) | Nessus | Fedora Local Security Checks | high
35972 | RHEL 3 / 4 / 5 : ghostscript (RHSA-2009:0345) | Nessus | Red Hat Local Security Checks | high
35968 | Debian DSA-1746-1 : ghostscript - several vulnerabilities | Nessus | Debian Local Security Checks | high
35966 | CentOS 3 / 4 : ghostscript (CESA-2009:0345) | Nessus | CentOS Local Security Checks | high