CVE-2009-0584
Vulnerability from cvelistv5
Published
2009-03-23 19:26
Modified
2024-08-07 04:40
Severity ?
Summary
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
secalert@redhat.comhttp://bugs.gentoo.org/show_bug.cgi?id=261087
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
secalert@redhat.comhttp://osvdb.org/52988
secalert@redhat.comhttp://secunia.com/advisories/34266
secalert@redhat.comhttp://secunia.com/advisories/34373Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34381Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34393Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34398Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34418
secalert@redhat.comhttp://secunia.com/advisories/34437Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34443
secalert@redhat.comhttp://secunia.com/advisories/34469
secalert@redhat.comhttp://secunia.com/advisories/34729
secalert@redhat.comhttp://secunia.com/advisories/35559
secalert@redhat.comhttp://secunia.com/advisories/35569
secalert@redhat.comhttp://securitytracker.com/id?1021868
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
secalert@redhat.comhttp://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
secalert@redhat.comhttp://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
secalert@redhat.comhttp://www.auscert.org.au/render.html?it=10666US Government Resource
secalert@redhat.comhttp://www.debian.org/security/2009/dsa-1746
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:095
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:096
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-0345.htmlVendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/501994/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/34184
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-743-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0776Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0777Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0816Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/1708
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=487744
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/49327
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-2991
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
secalert@redhat.comhttps://usn.ubuntu.com/757-1/
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.htmlVendor Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.htmlVendor Advisory
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
secalert@redhat.comhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=261087
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/52988
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34266
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34373Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34381Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34393Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34398Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34418
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34437Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34443
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34469
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34729
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35559
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35569
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021868
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
af854a3a-2127-422b-91ae-364da2661108http://www.auscert.org.au/render.html?it=10666US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1746
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-0345.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501994/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34184
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-743-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0776Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0777Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0816Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1708
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=487744
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2991
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/757-1/
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34381"
          },
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "34437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34437"
          },
          {
            "name": "34393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
          },
          {
            "name": "GLSA-200903-37",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
          },
          {
            "name": "1021868",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021868"
          },
          {
            "name": "34266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34266"
          },
          {
            "name": "34443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34443"
          },
          {
            "name": "FEDORA-2009-3031",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
          },
          {
            "name": "DSA-1746",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1746"
          },
          {
            "name": "52988",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52988"
          },
          {
            "name": "ESB-2009.0259",
            "tags": [
              "third-party-advisory",
              "x_refsource_AUSCERT",
              "x_transferred"
            ],
            "url": "http://www.auscert.org.au/render.html?it=10666"
          },
          {
            "name": "ADV-2009-0776",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0776"
          },
          {
            "name": "oval:org.mitre.oval:def:10544",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
          },
          {
            "name": "FEDORA-2009-2885",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "FEDORA-2009-3011",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "ADV-2009-0816",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0816"
          },
          {
            "name": "34469",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34469"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "name": "ghostscript-icclib-bo(49327)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
          },
          {
            "name": "34184",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34184"
          },
          {
            "name": "MDVSA-2009:096",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "name": "34373",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34373"
          },
          {
            "name": "34398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34398"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
          },
          {
            "name": "RHSA-2009:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
          },
          {
            "name": "FEDORA-2009-2883",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
          },
          {
            "name": "ADV-2009-0777",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0777"
          },
          {
            "name": "20090319 rPSA-2009-0050-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
          },
          {
            "name": "USN-743-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-743-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "34381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34381"
        },
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "34437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34437"
        },
        {
          "name": "34393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
        },
        {
          "name": "GLSA-200903-37",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
        },
        {
          "name": "1021868",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021868"
        },
        {
          "name": "34266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34266"
        },
        {
          "name": "34443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34443"
        },
        {
          "name": "FEDORA-2009-3031",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
        },
        {
          "name": "DSA-1746",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1746"
        },
        {
          "name": "52988",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52988"
        },
        {
          "name": "ESB-2009.0259",
          "tags": [
            "third-party-advisory",
            "x_refsource_AUSCERT"
          ],
          "url": "http://www.auscert.org.au/render.html?it=10666"
        },
        {
          "name": "ADV-2009-0776",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0776"
        },
        {
          "name": "oval:org.mitre.oval:def:10544",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
        },
        {
          "name": "FEDORA-2009-2885",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "FEDORA-2009-3011",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "ADV-2009-0816",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0816"
        },
        {
          "name": "34469",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34469"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "name": "ghostscript-icclib-bo(49327)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
        },
        {
          "name": "34184",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34184"
        },
        {
          "name": "MDVSA-2009:096",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "name": "34373",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34373"
        },
        {
          "name": "34398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34398"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
        },
        {
          "name": "RHSA-2009:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
        },
        {
          "name": "FEDORA-2009-2883",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
        },
        {
          "name": "ADV-2009-0777",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0777"
        },
        {
          "name": "20090319 rPSA-2009-0050-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
        },
        {
          "name": "USN-743-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-743-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0584",
    "datePublished": "2009-03-23T19:26:00",
    "dateReserved": "2009-02-13T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0584\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-03-23T20:00:00.377\",\"lastModified\":\"2024-11-21T01:00:24.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.\"},{\"lang\":\"es\",\"value\":\"icc.c, perteneciente a la librer\u00eda de formatos del International Color Consortium (ICC) (alias icclib), tal y como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permite causar una denegaci\u00f3n de servicio (con ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto, o posiblemente ejecutar c\u00f3digo arbitrario por medio de un fichero de dispositivo dise\u00f1ado para procesar archivos de imagen con modificaciones relacionadas con valores enteros grandes para  determinados tama\u00f1os, en relaci\u00f3n con un perfil ICC en un (1) PostScript o (2) un archivo PDF con im\u00e1genes incrustadas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:argyllcms:cms:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.3\",\"matchCriteriaId\":\"E37C8B4A-24A1-420A-A82F-190B3D343C68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.64\",\"matchCriteriaId\":\"06B00D31-6A9C-44C2-AF0F-36F91CADCF04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E68242D-465A-443F-9D25-BE57F9080394\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9ECC8F7-93FD-427D-8395-F1B025CA4322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63082C3-15B6-4DD8-8818-BFD61B054B08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9877DC36-5151-43C9-864D-BE7939A0304D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F9F0F0A-E413-42CC-B67D-434EC6A92543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DA7298B-2552-45DF-AE6B-FC71ACF623E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87A234A3-5FF9-4567-A731-3FFCD1965C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2916811-2ABD-4CC4-829B-AE805BA1BC6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B283683-D924-4C69-87F3-355ECC0DBA4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=261087\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/52988\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34266\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34373\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34381\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34393\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34398\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34437\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34443\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34469\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34729\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35559\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35569\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1021868\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.auscert.org.au/render.html?it=10666\",\"source\":\"secalert@redhat.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1746\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:095\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:096\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0345.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501994/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/34184\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-743-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0776\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0777\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0816\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1708\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=487744\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49327\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2991\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://usn.ubuntu.com/757-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=261087\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/52988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34373\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34418\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1021868\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.auscert.org.au/render.html?it=10666\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-0345.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501994/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-743-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1708\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=487744\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/757-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.