CVE-2009-0583: Buffer Overflow
First published: Fri Feb 27 2009(Updated: )
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ghostscript | =7.07 | |
| Ghostscript | =8.62 | |
| Ghostscript | =8.57 | |
| Ghostscript | =8.54 | |
| Ghostscript | =7.05 | |
| Ghostscript | <=8.64 | |
| Ghostscript | =5.50 | |
| Ghostscript | =8.15 | |
| Ghostscript | =8.56 | |
| Ghostscript | =8.15.2 | |
| Ghostscript | =8.0.1 | |
| Ghostscript | =8.61 | |
| Ghostscript | =8.63 | |
| Usualtool CMS | =0.2.2 | |
| Usualtool CMS | <=1.0.3 | |
| Usualtool CMS | =0.6.0 | |
| Usualtool CMS | =0.1.0 | |
| Usualtool CMS | =0.7.0-beta_8 | |
| Usualtool CMS | =0.2.1 | |
| Usualtool CMS | =0.2.0 | |
| Usualtool CMS | =0.3.0 | |
| Usualtool CMS | =1.0.2 | |
| Usualtool CMS | =1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/34393
- https://bugzilla.redhat.com/show_bug.cgi?id=487742
- http://www.redhat.com/support/errata/RHSA-2009-0345.html
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
- http://securitytracker.com/id?1021868
- https://issues.rpath.com/browse/RPL-2991
- http://www.vupen.com/english/advisories/2009/0776
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
- http://secunia.com/advisories/34373
- http://secunia.com/advisories/34398
- http://www.debian.org/security/2009/dsa-1746
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
- http://www.vupen.com/english/advisories/2009/0777
- http://secunia.com/advisories/34381
- http://bugs.gentoo.org/show_bug.cgi?id=261087
- http://www.auscert.org.au/render.html?it=10666
- http://www.securityfocus.com/bid/34184
- http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
- http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
- http://secunia.com/advisories/34437
- http://www.vupen.com/english/advisories/2009/0816
- http://www.ubuntu.com/usn/USN-743-1
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34266
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
- http://secunia.com/advisories/34469
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
- http://secunia.com/advisories/34443
- http://secunia.com/advisories/34729
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
- http://www.vupen.com/english/advisories/2009/1708
- http://secunia.com/advisories/35569
- http://secunia.com/advisories/35559
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
- https://usn.ubuntu.com/757-1/
- http://www.securityfocus.com/archive/1/501994/100/0/threaded
- https://access.redhat.com/security/cve/CVE-2008-0583
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
- http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded
- http://xforce.iss.net/xforce/xfdb/49329
Frequently Asked Questions
What is the severity of CVE-2009-0583?
CVE-2009-0583 has a moderate severity rating as it can lead to denial of service via heap-based buffer overflow.
How do I fix CVE-2009-0583?
To fix CVE-2009-0583, you should update Ghostscript or Argyll Color Management System to versions that are patched against this vulnerability.
What software is affected by CVE-2009-0583?
CVE-2009-0583 affects Ghostscript versions up to 8.64 and Argyll Color Management System versions up to 1.0.3.
What type of vulnerability is CVE-2009-0583?
CVE-2009-0583 is classified as an integer overflow vulnerability that can cause heap-based buffer overflows.
Who are the potential attackers for CVE-2009-0583?
CVE-2009-0583 can be exploited by context-dependent attackers who can leverage the vulnerability to crash the affected software.
- collector/redhat-bugzilla
- alias/CVE-2009-0583
- agent/type
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ghostscript
- canonical/ghostscript
- version/ghostscript/7.07
- version/ghostscript/8.62
- version/ghostscript/8.57
- version/ghostscript/8.54
- version/ghostscript/7.05
- version/ghostscript/8.64
- version/ghostscript/5.50
- version/ghostscript/8.15
- version/ghostscript/8.56
- version/ghostscript/8.15.2
- version/ghostscript/8.0.1
- version/ghostscript/8.61
- version/ghostscript/8.63
- vendor/argyllcms
- canonical/usualtool cms
- version/usualtool cms/0.2.2
- version/usualtool cms/1.0.3
- version/usualtool cms/0.6.0
- version/usualtool cms/0.1.0
- version/usualtool cms/0.7.0-beta_8
- version/usualtool cms/0.2.1
- version/usualtool cms/0.2.0
- version/usualtool cms/0.3.0
- version/usualtool cms/1.0.2
- version/usualtool cms/1.0.0