Unrated severityNVD Advisory· Published Mar 23, 2009· Updated Apr 23, 2026

CVE-2009-0584

Description

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Affected products

Artifex/Ghostscript13 versions
cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*range: <=8.64
- cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*
- cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
Argyllcms/Cms
cpe:2.3:a:argyllcms:cms:*:*:*:*:*:*:*:*
Range: <=1.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/34373nvdVendor Advisory
secunia.com/advisories/34381nvdVendor Advisory
secunia.com/advisories/34393nvdVendor Advisory
secunia.com/advisories/34398nvdVendor Advisory
secunia.com/advisories/34437nvdVendor Advisory
www.redhat.com/support/errata/RHSA-2009-0345.htmlnvdVendor Advisory
www.vupen.com/english/advisories/2009/0776nvdVendor Advisory
www.vupen.com/english/advisories/2009/0777nvdVendor Advisory
www.vupen.com/english/advisories/2009/0816nvdVendor Advisory
www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.htmlnvdVendor Advisory
www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.htmlnvdVendor Advisory
www.auscert.org.au/render.htmlnvdUS Government Resource
bugs.gentoo.org/show_bug.cginvd
lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlnvd
osvdb.org/52988nvd
secunia.com/advisories/34266nvd
secunia.com/advisories/34418nvd
secunia.com/advisories/34443nvd
secunia.com/advisories/34469nvd
secunia.com/advisories/34729nvd
secunia.com/advisories/35559nvd
secunia.com/advisories/35569nvd
securitytracker.com/idnvd
sunsolve.sun.com/search/document.donvd
support.avaya.com/elmodocs2/security/ASA-2009-098.htmnvd
wiki.rpath.com/wiki/Advisories:rPSA-2009-0050nvd
www.debian.org/security/2009/dsa-1746nvd
www.gentoo.org/security/en/glsa/glsa-200903-37.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/archive/1/501994/100/0/threadednvd
www.securityfocus.com/bid/34184nvd
www.ubuntu.com/usn/USN-743-1nvd
www.vupen.com/english/advisories/2009/1708nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/49327nvd
issues.rpath.com/browse/RPL-2991nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544nvd
usn.ubuntu.com/757-1/nvd
www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.htmlnvd
www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000