Vulnerability Description
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Argyllcms | Cms | <= 1.0.3 |
| Ghostscript | Ghostscript | <= 8.64 |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?id=261087
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://osvdb.org/52988
- http://secunia.com/advisories/34266
- http://secunia.com/advisories/34373Vendor Advisory
- http://secunia.com/advisories/34381Vendor Advisory
- http://secunia.com/advisories/34393Vendor Advisory
- http://secunia.com/advisories/34398Vendor Advisory
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34437Vendor Advisory
- http://secunia.com/advisories/34443
- http://secunia.com/advisories/34469
- http://secunia.com/advisories/34729
- http://secunia.com/advisories/35559
- http://secunia.com/advisories/35569
FAQ
What is CVE-2009-0584?
CVE-2009-0584 is a vulnerability with a CVSS score of 9.3 (HIGH). icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-depend...
How severe is CVE-2009-0584?
CVE-2009-0584 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0584?
Check the references section above for vendor advisories and patch information. Affected products include: Argyllcms Cms, Ghostscript Ghostscript.