CVE-2009-0792 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ghostscript

11 documents8 sources

Severity

9.3CRITICALNVD

EPSS

1.2%

top 21.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Argyllcms Ghostscript

Timeline

PublishedApr 14

Latest updateMay 2

Description

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to …

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶Debianartifex/ghostscript< 8.64~dfsg-1.1+3

▶NVDargyllcms/argyllcms1.0.3+9

▶NVDghostscript/ghostscript8.64+12

🔴Vulnerability Details

GHSA

GHSA-c674-58j3-3v3w: Multiple integer overflows in icc↗2022-05-02

▶

CVEList

CVE-2009-0792: Multiple integer overflows in icc↗2009-04-14

▶

OSV

CVE-2009-0792: Multiple integer overflows in icc↗2009-04-14

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2009-04-15

▶

Red Hat

argyllcms: Incomplete fix for CVE-2009-0583↗2009-04-08

▶

Debian

CVE-2009-0792: argyll - Multiple integer overflows in icc.c in the International Color Consortium (ICC) ...↗2009

▶

💬Community

Bugzilla

CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 ghostscript various flaws [F10]↗2009-04-15

▶

Bugzilla

CVE-2009-0196 CVE-2009-0792 CVE-2009-0583 ghostscript various flaws [Fdevel]↗2009-04-15

▶

Bugzilla

CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 ghostscript various flaws [F9]↗2009-04-15

▶

Bugzilla

CVE-2009-0792 ghostscript, argyllcms: Incomplete fix for CVE-2009-0583↗2009-03-24

▶