CVE-2009-0583 Information

Description

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib) as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=261087
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34266
http://secunia.com/advisories/34373
http://secunia.com/advisories/34381
http://secunia.com/advisories/34393
http://secunia.com/advisories/34398
http://secunia.com/advisories/34418
http://secunia.com/advisories/34437
http://secunia.com/advisories/34443
http://secunia.com/advisories/34469
http://secunia.com/advisories/34729
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://securitytracker.com/id?1021868
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
http://www.auscert.org.au/render.html?it=10666
http://www.debian.org/security/2009/dsa-1746
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://www.redhat.com/support/errata/RHSA-2009-0345.html
http://www.securityfocus.com/archive/1/501994/100/0/threaded
http://www.securityfocus.com/bid/34184
http://www.ubuntu.com/usn/USN-743-1
http://www.vupen.com/english/advisories/2009/0776
http://www.vupen.com/english/advisories/2009/0777
http://www.vupen.com/english/advisories/2009/0816
http://www.vupen.com/english/advisories/2009/1708
https://bugzilla.redhat.com/show_bug.cgi?id=487742
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329
https://issues.rpath.com/browse/RPL-2991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795
https://usn.ubuntu.com/757-1/
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
