CVE-2009-0583

{"id": "CVE-2009-0583", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-23T20:00:00.343", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34266", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34373", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34381", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34393", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34398", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34418", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34437", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34443", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34469", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34729", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35559", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/35569", "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1021868", "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1", "source": "secalert@redhat.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", "source": "secalert@redhat.com"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.auscert.org.au/render.html?it=10666", "tags": ["US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2009/dsa-1746", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/34184", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-743-1", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0776", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0777", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/0816", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/1708", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-2991", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/757-1/", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de enteros en icc.c en la libreria de formatos (alias icclib) del International Color Consortium (ICC), tal como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permiten causar una denegaci\u00f3n de servicio (con desbordamiento de b\u00fafer basado en pila y ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto y posiblemente ejecutar c\u00f3digo arbitrario por medio de un fichero de dispositivo para una solicitud de traducci\u00f3n que opera en un archivo de imagen creado y se dirige a un determinado \"espacio de color nativo\", en relaci\u00f3n con un perfil ICC en un (1) PostScript o (2) archivo PDF con im\u00e1genes incrustadas."}], "lastModified": "2023-02-13T01:17:08.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04", "versionEndIncluding": "8.64"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128"}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8C3057C-9207-4BCD-88D4-625BE0EFAE85"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0589F5F-9A14-4664-96E2-D3AD5B1C4907", "versionEndIncluding": "1.0.3"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87EEDC44-2DEB-4C76-9B28-322093F2F8A1"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECC777BB-79B6-41F4-8756-E53630198D37"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E685ACA-3C9C-4A65-BCE4-3D4F663C938E"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56941499-5BD0-4222-AD6C-D36DA165A02C"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "746233CB-AC91-404E-9763-797AD1DCAF72"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "787A9326-05FB-4766-A8F5-06C31763D2FB"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90A92F2B-E055-4FBF-BE3F-E115590F2685"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E228BF5-1FD4-4507-8451-82975E209FD6"}, {"criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D1C3135-314E-48F7-A2A3-FC7FF071D1F1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}