CVE-2009-0792

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain native color space, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

Affected Software

Name	Vendor	Start Version	End Version
Ghostscript	Ghostscript	*	8.64 (including)
Ghostscript	Ghostscript	5.50 (including)	5.50 (including)
Ghostscript	Ghostscript	7.05 (including)	7.05 (including)
Ghostscript	Ghostscript	7.07 (including)	7.07 (including)
Ghostscript	Ghostscript	8.0.1 (including)	8.0.1 (including)
Ghostscript	Ghostscript	8.15 (including)	8.15 (including)
Ghostscript	Ghostscript	8.15.2 (including)	8.15.2 (including)
Ghostscript	Ghostscript	8.54 (including)	8.54 (including)
Ghostscript	Ghostscript	8.56 (including)	8.56 (including)
Ghostscript	Ghostscript	8.57 (including)	8.57 (including)
Ghostscript	Ghostscript	8.61 (including)	8.61 (including)
Ghostscript	Ghostscript	8.62 (including)	8.62 (including)
Ghostscript	Ghostscript	8.63 (including)	8.63 (including)
Red Hat Enterprise Linux 3	RedHat	ghostscript-0:7.05-32.1.20	*
Red Hat Enterprise Linux 4	RedHat	ghostscript-0:7.07-33.2.el4_7.8	*
Red Hat Enterprise Linux 5	RedHat	ghostscript-0:8.15.2-9.4.el5_3.7	*
Ghostscript	Ubuntu	devel	*
Ghostscript	Ubuntu	gutsy	*
Ghostscript	Ubuntu	hardy	*
Ghostscript	Ubuntu	intrepid	*
Ghostscript	Ubuntu	jaunty	*
Ghostscript	Ubuntu	karmic	*
Gs-afpl	Ubuntu	dapper	*
Gs-esp	Ubuntu	dapper	*
Gs-gpl	Ubuntu	dapper	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0792
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References