CVE-2009-0584
argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library
Descriptions
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Timeline
- 2009-02-13 CVE Reserved
- 2009-03-23 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Argyllcms | Cms | <= 1.0.3 | - | Affected |
Ghostscript | Ghostscript | <= 8.64 | - | Affected |
Ghostscript | Ghostscript | 0 | - | Affected |
Ghostscript | Ghostscript | 5.50 | - | Affected |
Ghostscript | Ghostscript | 7.05 | - | Affected |
Ghostscript | Ghostscript | 7.07 | - | Affected |
Ghostscript | Ghostscript | 8.0.1 | - | Affected |
Ghostscript | Ghostscript | 8.15 | - | Affected |
Ghostscript | Ghostscript | 8.15.2 | - | Affected |
Ghostscript | Ghostscript | 8.54 | - | Affected |
Ghostscript | Ghostscript | 8.56 | - | Affected |
Ghostscript | Ghostscript | 8.57 | - | Affected |
Ghostscript | Ghostscript | 8.60 | - | Affected |
Ghostscript | Ghostscript | 8.61 | - | Affected |