CVE-2009-0584 Information
Description
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Reference
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://osvdb.org/52988
http://secunia.com/advisories/34266
http://secunia.com/advisories/34373
http://secunia.com/advisories/34381
http://secunia.com/advisories/34393
http://secunia.com/advisories/34398
http://secunia.com/advisories/34418
http://secunia.com/advisories/34437
http://secunia.com/advisories/34443
http://secunia.com/advisories/34469
http://secunia.com/advisories/34729
http://secunia.com/advisories/35559
http://secunia.com/advisories/35569
http://securitytracker.com/id?1021868
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
http://www.auscert.org.au/render.html?it=10666
http://www.debian.org/security/2009/dsa-1746
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
http://www.redhat.com/support/errata/RHSA-2009-0345.html
http://www.securityfocus.com/archive/1/501994/100/0/threaded
http://www.securityfocus.com/bid/34184
http://www.ubuntu.com/usn/USN-743-1
http://www.vupen.com/english/advisories/2009/0776
http://www.vupen.com/english/advisories/2009/0777
http://www.vupen.com/english/advisories/2009/0816
http://www.vupen.com/english/advisories/2009/1708
https://bugzilla.redhat.com/show_bug.cgi?id=487744
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
https://issues.rpath.com/browse/RPL-2991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
https://usn.ubuntu.com/757-1/
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html