CVE-2009-0792: Buffer Overflow
First published: Tue Mar 24 2009(Updated: )
Multiple integer overflows and multiple insufficient upper-bounds checks on certain variable sizes were originally discovered in the Ghostscript's International Color Consortium Format Library (icclib). It was found, the original patch, addressing this issue was incomplete.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ghostscript | <0:7.07-33.2.el4_7.8 | 0:7.07-33.2.el4_7.8 |
| redhat/ghostscript | <0:8.15.2-9.4.el5_3.7 | 0:8.15.2-9.4.el5_3.7 |
| Ghostscript | <=8.64 | |
| Ghostscript | =5.50 | |
| Ghostscript | =7.05 | |
| Ghostscript | =7.07 | |
| Ghostscript | =8.0.1 | |
| Ghostscript | =8.15 | |
| Ghostscript | =8.15.2 | |
| Ghostscript | =8.54 | |
| Ghostscript | =8.56 | |
| Ghostscript | =8.57 | |
| Ghostscript | =8.61 | |
| Ghostscript | =8.62 | |
| Ghostscript | =8.63 | |
| Usualtool CMS | <=1.0.3 | |
| Usualtool CMS | =0.1.0 | |
| Usualtool CMS | =0.2.0 | |
| Usualtool CMS | =0.2.1 | |
| Usualtool CMS | =0.2.2 | |
| Usualtool CMS | =0.3.0 | |
| Usualtool CMS | =0.6.0 | |
| Usualtool CMS | =0.7.0-beta_8 | |
| Usualtool CMS | =1.0.0 | |
| Usualtool CMS | =1.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
- http://secunia.com/advisories/34373
- http://secunia.com/advisories/34667
- http://secunia.com/advisories/34711
- http://secunia.com/advisories/34726
- http://secunia.com/advisories/34729
- http://secunia.com/advisories/34732
- http://secunia.com/advisories/35416
- http://secunia.com/advisories/35559
- http://secunia.com/advisories/35569
- http://security.gentoo.org/glsa/glsa-201412-17.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm
- http://wiki.rpath.com/Advisories:rPSA-2009-0060
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
- http://www.redhat.com/support/errata/RHSA-2009-0420.html
- http://www.redhat.com/support/errata/RHSA-2009-0421.html
- http://www.securityfocus.com/archive/1/502757/100/0/threaded
- http://www.vupen.com/english/advisories/2009/1708
- https://bugzilla.redhat.com/show_bug.cgi?id=491853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50381
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207
- https://usn.ubuntu.com/757-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=338699&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=338699&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=338705&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=338705&action=edit
- https://access.redhat.com/security/cve/CVE-2009-0792
- https://rhn.redhat.com/errata/RHSA-2009-0421.html
- http://admin.fedoraproject.org/updates/ghostscript-8.63-3.fc9
- https://fedorahosted.org/rel-eng/ticket/1497
- http://admin.fedoraproject.org/updates/argyllcms-1.0.3-5.fc9
- http://admin.fedoraproject.org/updates/argyllcms-1.0.3-5.fc10
- https://www.cve.org/CVERecord?id=CVE-2009-0792 https://nvd.nist.gov/vuln/detail/CVE-2009-0792
- https://access.redhat.com/errata/RHSA-2009:0420
- https://access.redhat.com/errata/RHSA-2009:0421
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0792.json
Frequently Asked Questions
What is the severity of CVE-2009-0792?
CVE-2009-0792 has a high severity rating due to multiple integer overflows which could lead to potential code execution vulnerabilities.
How do I fix CVE-2009-0792?
To remediate CVE-2009-0792, update to the latest version of Ghostscript or apply the relevant patches provided by your software vendor.
Which versions of Ghostscript are affected by CVE-2009-0792?
CVE-2009-0792 affects multiple versions of Ghostscript, specifically those prior to 8.64 and includes versions such as 5.50, 7.05, 7.07, and 8.15, among others.
What kind of attacks can exploit CVE-2009-0792?
Exploitation of CVE-2009-0792 can enable attackers to execute arbitrary code remotely by processing specially crafted ICC format files.
Is there a permanent solution for CVE-2009-0792?
Yes, there is a permanent solution for CVE-2009-0792 by upgrading to patched versions of the Ghostscript software, thus eliminating the vulnerabilities.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-0792
- agent/severity
- agent/references
- agent/weakness
- collector/redhat-cve
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/description
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- package-manager/redhat
- vendor/ghostscript
- canonical/ghostscript
- version/ghostscript/8.64
- version/ghostscript/5.50
- version/ghostscript/7.05
- version/ghostscript/7.07
- version/ghostscript/8.0.1
- version/ghostscript/8.15
- version/ghostscript/8.15.2
- version/ghostscript/8.54
- version/ghostscript/8.56
- version/ghostscript/8.57
- version/ghostscript/8.61
- version/ghostscript/8.62
- version/ghostscript/8.63
- vendor/argyllcms
- canonical/usualtool cms
- version/usualtool cms/1.0.3
- version/usualtool cms/0.1.0
- version/usualtool cms/0.2.0
- version/usualtool cms/0.2.1
- version/usualtool cms/0.2.2
- version/usualtool cms/0.3.0
- version/usualtool cms/0.6.0
- version/usualtool cms/0.7.0-beta_8
- version/usualtool cms/1.0.0
- version/usualtool cms/1.0.2