CVE-2009-0584: Ghostscript vulnerability

CWE-189 | 14 documents | 8 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 9.0% (top 7.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 23
Latest update: May 2

Description

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (3 packages)

Debian | artifex/ghostscript | < 8.64~dfsg-1.1+3
NVD | argyllcms/cms | 1.0.3

🔴 Vulnerability Details (3)

GHSA | GHSA-3cwm-mjh6-3hwq: icc | 2022-05-02
OSV | CVE-2009-0584: icc | 2009-03-23
CVEList | CVE-2009-0584: icc | 2009-03-23

📋 Vendor Advisories (4)

Ubuntu | Ghostscript vulnerabilities | 2009-04-15
Ubuntu | Ghostscript vulnerabilities | 2009-03-23
Red Hat | argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library | 2009-03-19
Debian | CVE-2009-0584: argyll - icc.c in the International Color Consortium (ICC) Format library (aka icclib), a... | 2009

💬 Community (6)

Bugzilla | CVE-2009-0583 CVE-2009-0584 Multiple argyllcms vulnerabilities [F9] | 2009-03-23
Bugzilla | CVE-2009-0583 CVE-2009-0584 Multiple argyllcms vulnerabilities [Fdevel] | 2009-03-23
Bugzilla | CVE-2009-0583 CVE-2009-0584 Multiple argyllcms vulnerabilities [F10] | 2009-03-23
Bugzilla | CVE-2009-0583 CVE-2009-0584 Multiple ghostscript vulnerabilities [Fedora 10] | 2009-03-20
Bugzilla | CVE-2009-0583 CVE-2009-0584 Multiple ghostscript vulnerabilities [Fedora 9] | 2009-03-20
CVE-2009-0584 — Ghostscript vulnerability | cvebase