Unrated severity · NVD Advisory · Published Mar 23, 2009 · Updated Apr 23, 2026
CVE-2009-0583
Description
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Affected products
cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:* (range: <=1.0.3)
- cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:* (range: <=8.64)
- cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/34266 (nvd, Vendor Advisory)
- secunia.com/advisories/34373 (nvd, Vendor Advisory)
- secunia.com/advisories/34381 (nvd, Vendor Advisory)
- secunia.com/advisories/34393 (nvd, Vendor Advisory)
- secunia.com/advisories/34398 (nvd, Vendor Advisory)
- secunia.com/advisories/34418 (nvd, Vendor Advisory)
- secunia.com/advisories/34437 (nvd, Vendor Advisory)
- secunia.com/advisories/34443 (nvd, Vendor Advisory)
- secunia.com/advisories/34469 (nvd, Vendor Advisory)
- wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 (nvd, Vendor Advisory)
- www.debian.org/security/2009/dsa-1746 (nvd, Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2009-0345.html (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/0776 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/0777 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/0816 (nvd, Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd, Vendor Advisory)
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html (nvd, Vendor Advisory)
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html (nvd, Vendor Advisory)
- www.auscert.org.au/render.html (nvd, US Government Resource)
- bugs.gentoo.org/show_bug.cgi (nvd)
- lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html (nvd)
- secunia.com/advisories/34729 (nvd)
- secunia.com/advisories/35559 (nvd)
- secunia.com/advisories/35569 (nvd)
- securitytracker.com/id (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- support.avaya.com/elmodocs2/security/ASA-2009-098.htm (nvd)
- www.gentoo.org/security/en/glsa/glsa-200903-37.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/archive/1/501994/100/0/threaded (nvd)
- www.securityfocus.com/bid/34184 (nvd)
- www.ubuntu.com/usn/USN-743-1 (nvd)
- www.vupen.com/english/advisories/2009/1708 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/49329 (nvd)
- issues.rpath.com/browse/RPL-2991 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795 (nvd)
- usn.ubuntu.com/757-1/ (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html (nvd)