Home > Vulnerability Database > CVE-2009-0792

Mend.io Vulnerability Database

CVE-2009-0792

Good to know:

Date: April 14, 2009

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

Language: C

Severity Score

8.1

Related Resources (33)

Url: http://secunia.com/advisories/34732

Url: http://secunia.com/advisories/34711

Url: http://secunia.com/advisories/35569

Url: http://secunia.com/advisories/34373

Url: http://www.redhat.com/support/errata/RHSA-2009-0420.html

Url: http://security.gentoo.org/glsa/glsa-201412-17.xml

Url: http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm

Url: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html

Url: http://www.vupen.com/english/advisories/2009/1708

Url: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:096

Url: http://secunia.com/advisories/34667

Url: http://secunia.com/advisories/35559

Url: http://secunia.com/advisories/35416

Url: http://secunia.com/advisories/34726

Url: https://bugzilla.redhat.com/show_bug.cgi?id=491853

Url: http://www.securityfocus.com/archive/1/502757/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:095

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0792

Url: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0792

Url: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html

Url: https://access.redhat.com/security/cve/CVE-2009-0792

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/50381

Url: https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

Url: http://www.redhat.com/support/errata/RHSA-2009-0421.html

Url: http://wiki.rpath.com/Advisories:rPSA-2009-0060

Url: http://secunia.com/advisories/34729

Url: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

Url: https://usn.ubuntu.com/757-1/

Url: https://www.mend.io/vulnerability-database/CVE-2009-0792

Severity Score

8.1

Weakness Type (CWE)

Numeric Errors

CWE-189

Top Fix

Upgrade Version

Upgrade to version ghostpdl-8.70

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0792

Good to know:

Date: April 14, 2009

Language: C

Severity Score

Related Resources (33)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?