Home > Vulnerability Database > CVE-2009-0583

Mend.io Vulnerability Database

CVE-2009-0583

Good to know:

Date: March 23, 2009

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Language: C

Severity Score

8.1

Related Resources (43)

Url: http://secunia.com/advisories/35569

Url: http://secunia.com/advisories/34437

Url: http://secunia.com/advisories/34418

Url: http://secunia.com/advisories/34393

Url: http://www.ubuntu.com/usn/USN-743-1

Url: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=487742

Url: http://secunia.com/advisories/34373

Url: https://issues.rpath.com/browse/RPL-2991

Url: http://bugs.gentoo.org/show_bug.cgi?id=261087

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0583

Url: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

Url: http://secunia.com/advisories/34398

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/49329

Url: http://www.securityfocus.com/bid/34184

Url: https://access.redhat.com/security/cve/CVE-2009-0583

Url: http://www.redhat.com/support/errata/RHSA-2009-0345.html

Url: http://www.vupen.com/english/advisories/2009/1708

Url: http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm

Url: http://secunia.com/advisories/34381

Url: http://www.securityfocus.com/archive/1/501994/100/0/threaded

Url: http://securitytracker.com/id?1021868

Url: http://www.vupen.com/english/advisories/2009/0777

Url: http://www.vupen.com/english/advisories/2009/0776

Url: http://www.vupen.com/english/advisories/2009/0816

Url: http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:096

Url: http://www.auscert.org.au/render.html?it=10666

Url: http://secunia.com/advisories/34469

Url: http://secunia.com/advisories/35559

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795

Url: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml

Url: http://www.debian.org/security/2009/dsa-1746

Url: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095

Url: http://secunia.com/advisories/34266

Url: http://secunia.com/advisories/34443

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

Url: http://secunia.com/advisories/34729

Url: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Url: https://usn.ubuntu.com/757-1/

Url: https://www.mend.io/vulnerability-database/CVE-2009-0583

Severity Score

8.1

Weakness Type (CWE)

Buffer Errors

CWE-119

Top Fix

Upgrade Version

Upgrade to version ghostpdl-8.70

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0583

Good to know:

Date: March 23, 2009

Language: C

Severity Score

Related Resources (43)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?