CVE-2009-0584

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Affected Software

Name	Vendor	Start Version	End Version
Cms	Argyllcms	*	1.0.3 (including)
Ghostscript	Ghostscript	*	8.64 (including)
Ghostscript	Ghostscript	0 (including)	0 (including)
Ghostscript	Ghostscript	5.50 (including)	5.50 (including)
Ghostscript	Ghostscript	7.05 (including)	7.05 (including)
Ghostscript	Ghostscript	7.07 (including)	7.07 (including)
Ghostscript	Ghostscript	8.0.1 (including)	8.0.1 (including)
Ghostscript	Ghostscript	8.15 (including)	8.15 (including)
Ghostscript	Ghostscript	8.15.2 (including)	8.15.2 (including)
Ghostscript	Ghostscript	8.54 (including)	8.54 (including)
Ghostscript	Ghostscript	8.56 (including)	8.56 (including)
Ghostscript	Ghostscript	8.57 (including)	8.57 (including)
Ghostscript	Ghostscript	8.60 (including)	8.60 (including)
Ghostscript	Ghostscript	8.61 (including)	8.61 (including)
Red Hat Enterprise Linux 3	RedHat	ghostscript-0:7.05-32.1.17	*
Red Hat Enterprise Linux 4	RedHat	ghostscript-0:7.07-33.2.el4_7.5	*
Red Hat Enterprise Linux 5	RedHat	ghostscript-0:8.15.2-9.4.el5_3.4	*
Ghostscript	Ubuntu	devel	*
Ghostscript	Ubuntu	gutsy	*
Ghostscript	Ubuntu	hardy	*
Ghostscript	Ubuntu	intrepid	*
Gs-gpl	Ubuntu	dapper	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0584
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References