1. Home
  2. CVE Database
  3. CVE-2009-0792
HIGH · 9.3

CVE-2009-0792

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and ...

Vulnerability Description

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
GhostscriptGhostscript<= 8.64
ArgyllcmsArgyllcms<= 1.0.3

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2009-0792?

CVE-2009-0792 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and ...

How severe is CVE-2009-0792?

CVE-2009-0792 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0792?

Check the references section above for vendor advisories and patch information. Affected products include: Ghostscript Ghostscript, Argyllcms Argyllcms.