CVE-2009-0792 Information
Description
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib) as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \native color space\ related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
Reference
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/34373 http://secunia.com/advisories/34667 http://secunia.com/advisories/34711 http://secunia.com/advisories/34726 http://secunia.com/advisories/34729 http://secunia.com/advisories/34732 http://secunia.com/advisories/35416 http://secunia.com/advisories/35559 http://secunia.com/advisories/35569 http://security.gentoo.org/glsa/glsa-201412-17.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm http://wiki.rpath.com/Advisories:rPSA-2009-0060 http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 http://www.redhat.com/support/errata/RHSA-2009-0420.html http://www.redhat.com/support/errata/RHSA-2009-0421.html http://www.securityfocus.com/archive/1/502757/100/0/threaded http://www.vupen.com/english/advisories/2009/1708 https://bugzilla.redhat.com/show_bug.cgi?id=491853 https://exchange.xforce.ibmcloud.com/vulnerabilities/50381 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11207 https://usn.ubuntu.com/757-1/ https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
Share on: