Vulnerabilities related to argyllcms - argyllcms
CVE-2009-0792 (GCVE-0-2009-0792)
Vulnerability from cvelistv5
Published
2009-04-14 16:00
Modified
2024-08-07 04:48
CWE
- n/a
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:48:52.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "oval:org.mitre.oval:def:11207", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207" }, { "name": "RHSA-2009:0421", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html" }, { "name": "FEDORA-2009-3709", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html" }, { "name": "GLSA-201412-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" }, { "name": "RHSA-2009:0420", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html" }, { "name": "FEDORA-2009-3430", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853" }, { "name": "262288", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "name": "ghostscript-icc-bo(50381)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381" }, { "name": "20090417 rPSA-2009-0060-1 ghostscript", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded" }, { "name": "34729", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34729" }, { "name": "FEDORA-2009-3435", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html" }, { "name": "SUSE-SR:2009:011", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "name": "MDVSA-2009:095", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "name": "FEDORA-2009-3710", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html" }, { "name": "34711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34711" }, { "name": "34732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34732" }, { "name": "35569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35569" }, { "name": "ADV-2009-1708", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "name": "MDVSA-2009:096", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "name": "35559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35559" }, { "name": "34373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34373" }, { "name": "35416", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/35416" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060" }, { "name": "USN-757-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/757-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm" }, { "name": "34726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34726" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "34667", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34667" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "oval:org.mitre.oval:def:11207", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207" }, { "name": "RHSA-2009:0421", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html" }, { "name": "FEDORA-2009-3709", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html" }, { "name": "GLSA-201412-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" }, { "name": "RHSA-2009:0420", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html" }, { "name": "FEDORA-2009-3430", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853" }, { "name": "262288", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "name": "ghostscript-icc-bo(50381)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381" }, { "name": "20090417 rPSA-2009-0060-1 ghostscript", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded" }, { "name": "34729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34729" }, { "name": "FEDORA-2009-3435", 
"tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html" }, { "name": "SUSE-SR:2009:011", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "name": "MDVSA-2009:095", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "name": "FEDORA-2009-3710", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html" }, { "name": "34711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34711" }, { "name": "34732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34732" }, { "name": "35569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35569" }, { "name": "ADV-2009-1708", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "name": "MDVSA-2009:096", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "name": "35559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35559" }, { "name": "34373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34373" }, { "name": "35416", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35416" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060" }, { "name": "USN-757-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/757-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm" }, { "name": "34726", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34726" }, { "name": "SUSE-SR:2009:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "name": "34667", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34667" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0792", "datePublished": "2009-04-14T16:00:00", "dateReserved": "2009-03-04T00:00:00", "dateUpdated": "2024-08-07T04:48:52.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0583 (GCVE-0-2009-0583)
Vulnerability from cvelistv5
Published
2009-03-23 19:26
Modified
2024-08-07 04:40
CWE
- n/a
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34381" }, { "name": "SUSE-SR:2009:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" }, { "name": "34437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34437" }, { "name": "34393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34393" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" }, { "name": "GLSA-200903-37", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" }, { "name": "1021868", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021868" }, { "name": "34266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34266" }, { "name": "34443", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34443" }, { "name": "FEDORA-2009-3031", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" }, { "name": "DSA-1746", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1746" }, { "name": "ESB-2009.0259", "tags": [ "third-party-advisory", "x_refsource_AUSCERT", "x_transferred" ], "url": 
"http://www.auscert.org.au/render.html?it=10666" }, { "name": "ADV-2009-0776", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0776" }, { "name": "FEDORA-2009-2885", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" }, { "name": "262288", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "name": "FEDORA-2009-3011", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" }, { "name": "34418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34418" }, { "name": "34729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34729" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-2991" }, { "name": "oval:org.mitre.oval:def:10795", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795" }, { "name": "MDVSA-2009:095", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "name": "ADV-2009-0816", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0816" }, { "name": "34469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34469" }, { "name": "35569", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35569" }, { "name": "ADV-2009-1708", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742" }, { "name": "34184", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34184" }, { "name": "MDVSA-2009:096", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "name": "35559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35559" }, { "name": "34373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34373" }, { "name": "34398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34398" }, { "name": "USN-757-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/757-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087" }, { "name": "RHSA-2009:0345", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html" }, { "name": "FEDORA-2009-2883", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" }, { "name": "ADV-2009-0777", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0777" }, { "name": "ghostscript-icclib-native-color-bo(49329)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/49329" }, { "name": "20090319 rPSA-2009-0050-1 ghostscript", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded" }, { "name": "USN-743-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-743-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "34381", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34381" }, { "name": "SUSE-SR:2009:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" }, { "name": "34437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34437" }, { "name": "34393", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34393" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" }, { "name": "GLSA-200903-37", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" }, { "name": "1021868", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021868" }, { "name": "34266", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34266" }, { "name": "34443", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34443" }, { "name": "FEDORA-2009-3031", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" }, { "name": "DSA-1746", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1746" }, { "name": "ESB-2009.0259", "tags": [ "third-party-advisory", "x_refsource_AUSCERT" ], "url": "http://www.auscert.org.au/render.html?it=10666" }, { "name": "ADV-2009-0776", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2009/0776" }, { "name": "FEDORA-2009-2885", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" }, { "name": "262288", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "name": "FEDORA-2009-3011", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" }, { "name": "34418", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34418" }, { "name": "34729", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34729" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-2991" }, { "name": "oval:org.mitre.oval:def:10795", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795" }, { "name": "MDVSA-2009:095", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "name": "ADV-2009-0816", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0816" }, { "name": "34469", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34469" }, { "name": "35569", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35569" }, { "name": "ADV-2009-1708", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742" }, { 
"name": "34184", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34184" }, { "name": "MDVSA-2009:096", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "name": "35559", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35559" }, { "name": "34373", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34373" }, { "name": "34398", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34398" }, { "name": "USN-757-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/757-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087" }, { "name": "RHSA-2009:0345", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html" }, { "name": "FEDORA-2009-2883", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" }, { "name": "ADV-2009-0777", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0777" }, { "name": "ghostscript-icclib-native-color-bo(49329)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329" }, { "name": "20090319 rPSA-2009-0050-1 ghostscript", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded" }, { "name": "USN-743-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-743-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0583", "datePublished": "2009-03-23T19:26:00", "dateReserved": 
"2009-02-13T00:00:00", "dateUpdated": "2024-08-07T04:40:05.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-1616 (GCVE-0-2012-1616)
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 19:01
CWE
- n/a
Summary
Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "argyll-icc-code-execution(75162)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75162" }, { "name": "48921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48921" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809697" }, { "name": "81617", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81617" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.argyllcms.com/icc_readme.html" }, { "name": "53240", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53240" }, { "name": "GLSA-201206-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201206-04.xml" }, { "name": "FEDORA-2012-6529", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html" }, { "name": "49602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49602" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "argyll-icc-code-execution(75162)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75162" }, { "name": "48921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48921" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809697" }, { "name": "81617", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81617" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.argyllcms.com/icc_readme.html" }, { "name": "53240", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53240" }, { "name": "GLSA-201206-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201206-04.xml" }, { "name": "FEDORA-2012-6529", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html" }, { "name": "49602", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49602" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1616", "datePublished": "2012-06-21T15:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2012-06-21 15:55
Modified
2025-04-11 00:51
Summary
Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html | ||
secalert@redhat.com | http://secunia.com/advisories/48921 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/49602 | Vendor Advisory | |
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201206-04.xml | ||
secalert@redhat.com | http://www.argyllcms.com/icc_readme.html | ||
secalert@redhat.com | http://www.osvdb.org/81617 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/53240 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=809697 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/75162 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48921 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49602 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201206-04.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.argyllcms.com/icc_readme.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/81617 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53240 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=809697 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/75162 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
argyllcms | argyllcms | * | |
argyllcms | argyllcms | 0.1.0 | |
argyllcms | argyllcms | 0.2.0 | |
argyllcms | argyllcms | 0.2.1 | |
argyllcms | argyllcms | 0.2.2 | |
argyllcms | argyllcms | 0.3.0 | |
argyllcms | argyllcms | 0.6.0 | |
argyllcms | argyllcms | 0.7.0 | |
argyllcms | argyllcms | 1.0.0 | |
argyllcms | argyllcms | 1.0.2 | |
argyllcms | argyllcms | 1.0.3 | |
argyllcms | argyllcms | 1.0.4 | |
argyllcms | argyllcms | 1.1.0 | |
argyllcms | argyllcms | 1.1.1 | |
argyllcms | argyllcms | 1.2.0 | |
argyllcms | argyllcms | 1.3.0 | |
argyllcms | argyllcms | 1.3.1 | |
argyllcms | argyllcms | 1.3.2 | |
argyllcms | argyllcms | 1.3.3 | |
argyllcms | argyllcms | 1.3.4 | |
argyllcms | argyllcms | 1.3.5 | |
argyllcms | argyllcms | 1.3.6 | |
color | icclib | * | |
color | icclib | 1.23 | |
color | icclib | 2.00 | |
color | icclib | 2.02 | |
color | icclib | 2.03 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "60F5DFB7-C92C-4B9D-9227-B2955300C004", "versionEndIncluding": "1.3.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87EEDC44-2DEB-4C76-9B28-322093F2F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECC777BB-79B6-41F4-8756-E53630198D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E685ACA-3C9C-4A65-BCE4-3D4F663C938E", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "56941499-5BD0-4222-AD6C-D36DA165A02C", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "746233CB-AC91-404E-9763-797AD1DCAF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "787A9326-05FB-4766-A8F5-06C31763D2FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*", "matchCriteriaId": "90A92F2B-E055-4FBF-BE3F-E115590F2685", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E228BF5-1FD4-4507-8451-82975E209FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D1C3135-314E-48F7-A2A3-FC7FF071D1F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "53C652E2-10F4-427F-94E6-7397A287D3BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EA14D58E-E7C6-4F12-A2B7-6FAB067BA8A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8C898B8-DABA-44CC-AD18-B65D2559C805", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D889D51-4D4A-413E-ABFA-EF2B06A6098D", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEC39457-095A-4ACC-97B5-E2AAB8544855", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "64A6B78C-5098-4EDC-819A-8023F27C575F", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "7656E082-A1DC-4620-834F-433DE96516F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "08DBA3B8-CEF4-4B18-98AF-BCC04418B910", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "888237BF-B259-47B4-B126-FC26E9FF562A", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DF97FAFB-F52D-440D-BBE8-8B190228404E", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B9889AD-1D01-4036-BB9F-ED833FE20A14", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2C4DD973-D3EE-4941-9FFD-129173EF9657", "vulnerable": true }, { "criteria": "cpe:2.3:a:color:icclib:*:*:*:*:*:*:*:*", "matchCriteriaId": "2013058D-9D77-48B7-B757-DF42607FEEA2", "versionEndIncluding": "2.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:color:icclib:1.23:*:*:*:*:*:*:*", "matchCriteriaId": "7C75E599-11F3-4319-9981-427DADF543B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:color:icclib:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "C2CAC789-3A0B-4757-AB9B-7B8D2D30426E", "vulnerable": true }, { "criteria": "cpe:2.3:a:color:icclib:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "06B8E452-AB69-4A21-8BBE-1ABAACE0EEB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:color:icclib:2.03:*:*:*:*:*:*:*", 
"matchCriteriaId": "68840F74-2EA1-4CDD-B4FC-D5653F7ECE1C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file." }, { "lang": "es", "value": "Una vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en icclib v2.13, tal y como se usa en Argyll CMS antes de v1.4 y posiblemente en otros programas, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de perfil ICC debidamente modificado." } ], "id": "CVE-2012-1616", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-21T15:55:12.380", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48921" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49602" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201206-04.xml" }, { "source": 
"secalert@redhat.com", "url": "http://www.argyllcms.com/icc_readme.html" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/81617" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53240" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809697" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201206-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.argyllcms.com/icc_readme.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/81617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75162" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-14 16:26
Modified
2025-04-09 00:30
Severity
HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C, as given in the NVD record below)
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html | ||
secalert@redhat.com | http://secunia.com/advisories/34373 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34667 | ||
secalert@redhat.com | http://secunia.com/advisories/34711 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34726 | ||
secalert@redhat.com | http://secunia.com/advisories/34729 | ||
secalert@redhat.com | http://secunia.com/advisories/34732 | ||
secalert@redhat.com | http://secunia.com/advisories/35416 | ||
secalert@redhat.com | http://secunia.com/advisories/35559 | ||
secalert@redhat.com | http://secunia.com/advisories/35569 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201412-17.xml | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm | ||
secalert@redhat.com | http://wiki.rpath.com/Advisories:rPSA-2009-0060 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0420.html | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0421.html | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/502757/100/0/threaded | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1708 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=491853 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/50381 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207 | ||
secalert@redhat.com | https://usn.ubuntu.com/757-1/ | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34373 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34667 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34711 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34726 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34729 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34732 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35416 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35559 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35569 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201412-17.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0060 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0420.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0421.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/502757/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1708 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=491853 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50381 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/757-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ghostscript | ghostscript | * | |
ghostscript | ghostscript | 5.50 | |
ghostscript | ghostscript | 7.05 | |
ghostscript | ghostscript | 7.07 | |
ghostscript | ghostscript | 8.0.1 | |
ghostscript | ghostscript | 8.15 | |
ghostscript | ghostscript | 8.15.2 | |
ghostscript | ghostscript | 8.54 | |
ghostscript | ghostscript | 8.56 | |
ghostscript | ghostscript | 8.57 | |
ghostscript | ghostscript | 8.61 | |
ghostscript | ghostscript | 8.62 | |
ghostscript | ghostscript | 8.63 | |
argyllcms | argyllcms | * | |
argyllcms | argyllcms | 0.1.0 | |
argyllcms | argyllcms | 0.2.0 | |
argyllcms | argyllcms | 0.2.1 | |
argyllcms | argyllcms | 0.2.2 | |
argyllcms | argyllcms | 0.3.0 | |
argyllcms | argyllcms | 0.6.0 | |
argyllcms | argyllcms | 0.7.0 | |
argyllcms | argyllcms | 1.0.0 | |
argyllcms | argyllcms | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04", "versionEndIncluding": "8.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*", "matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*", "matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*", "matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*", "matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*", "matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*", "matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*", "matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*", "matchCriteriaId": 
"C8C3057C-9207-4BCD-88D4-625BE0EFAE85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0589F5F-9A14-4664-96E2-D3AD5B1C4907", "versionEndIncluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87EEDC44-2DEB-4C76-9B28-322093F2F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECC777BB-79B6-41F4-8756-E53630198D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E685ACA-3C9C-4A65-BCE4-3D4F663C938E", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "56941499-5BD0-4222-AD6C-D36DA165A02C", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "746233CB-AC91-404E-9763-797AD1DCAF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "787A9326-05FB-4766-A8F5-06C31763D2FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*", "matchCriteriaId": "90A92F2B-E055-4FBF-BE3F-E115590F2685", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E228BF5-1FD4-4507-8451-82975E209FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D1C3135-314E-48F7-A2A3-FC7FF071D1F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to 
cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de entero en icc.c en el International Color Consortium (ICC) Format library (tambi\u00e9n conocido como icclib), como lo utilizado en Ghostscript v8.64 y versiones anteriores y Argyll Color Management System (CMS) v1.0.3 y versiones anteriores, permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en mont\u00edculo y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n utilizado un fichero de dispositivo para una petici\u00f3n de traducci\u00f3n que opera en un fichero de imagen manipulado y tiene como objetivo un determinado \"espacio de color nativo,\" relacionado con un perfil ICC en un (1) PostScript o (2) fichero PDF file with embedded image con im\u00e1genes embebidas.\r\nNOTA: esta cuesti\u00f3n existe debido a una modificaci\u00f3n inicial imcompleta de CVE-2009-0583." 
} ], "id": "CVE-2009-0792", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-14T16:26:56.110", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34373" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34667" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34711" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34726" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34729" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34732" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35416" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35559" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35569" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "source": 
"secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/757-1/" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34726" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redhat.com/support/errata/RHSA-2009-0421.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/757-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-23 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=261087 | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html | ||
secalert@redhat.com | http://secunia.com/advisories/34266 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34373 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34381 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34393 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34398 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34418 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34437 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34443 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34469 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/34729 | ||
secalert@redhat.com | http://secunia.com/advisories/35559 | ||
secalert@redhat.com | http://secunia.com/advisories/35569 | ||
secalert@redhat.com | http://securitytracker.com/id?1021868 | ||
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm | ||
secalert@redhat.com | http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 | Vendor Advisory | |
secalert@redhat.com | http://www.auscert.org.au/render.html?it=10666 | US Government Resource | |
secalert@redhat.com | http://www.debian.org/security/2009/dsa-1746 | Vendor Advisory | |
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2009-0345.html | Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/501994/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/34184 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-743-1 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0776 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0777 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/0816 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/1708 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=487742 | Vendor Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/49329 | ||
secalert@redhat.com | https://issues.rpath.com/browse/RPL-2991 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795 | ||
secalert@redhat.com | https://usn.ubuntu.com/757-1/ | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html | Vendor Advisory | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html | Vendor Advisory | |
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=261087 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34266 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34373 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34381 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34393 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34398 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34418 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34437 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34443 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34469 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34729 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35559 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35569 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1021868 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.auscert.org.au/render.html?it=10666 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1746 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0345.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/501994/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34184 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-743-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0776 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0777 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0816 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/1708 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=487742 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/49329 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-2991 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/757-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
ghostscript | ghostscript | * | |
ghostscript | ghostscript | 5.50 | |
ghostscript | ghostscript | 7.05 | |
ghostscript | ghostscript | 7.07 | |
ghostscript | ghostscript | 8.0.1 | |
ghostscript | ghostscript | 8.15 | |
ghostscript | ghostscript | 8.15.2 | |
ghostscript | ghostscript | 8.54 | |
ghostscript | ghostscript | 8.56 | |
ghostscript | ghostscript | 8.57 | |
ghostscript | ghostscript | 8.61 | |
ghostscript | ghostscript | 8.62 | |
ghostscript | ghostscript | 8.63 | |
argyllcms | argyllcms | * | |
argyllcms | argyllcms | 0.1.0 | |
argyllcms | argyllcms | 0.2.0 | |
argyllcms | argyllcms | 0.2.1 | |
argyllcms | argyllcms | 0.2.2 | |
argyllcms | argyllcms | 0.3.0 | |
argyllcms | argyllcms | 0.6.0 | |
argyllcms | argyllcms | 0.7.0 | |
argyllcms | argyllcms | 1.0.0 | |
argyllcms | argyllcms | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04", "versionEndIncluding": "8.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*", "matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*", "matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*", "matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*", "matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*", "matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*", "matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*", "matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128", "vulnerable": true }, { "criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*", "matchCriteriaId": 
"C8C3057C-9207-4BCD-88D4-625BE0EFAE85", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0589F5F-9A14-4664-96E2-D3AD5B1C4907", "versionEndIncluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "87EEDC44-2DEB-4C76-9B28-322093F2F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ECC777BB-79B6-41F4-8756-E53630198D37", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8E685ACA-3C9C-4A65-BCE4-3D4F663C938E", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "56941499-5BD0-4222-AD6C-D36DA165A02C", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "746233CB-AC91-404E-9763-797AD1DCAF72", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "787A9326-05FB-4766-A8F5-06C31763D2FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*", "matchCriteriaId": "90A92F2B-E055-4FBF-BE3F-E115590F2685", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E228BF5-1FD4-4507-8451-82975E209FD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6D1C3135-314E-48F7-A2A3-FC7FF071D1F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to 
cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de enteros en icc.c en la librer\u00eda de formatos (alias icclib) del International Color Consortium (ICC), tal como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permiten causar una denegaci\u00f3n de servicio (con desbordamiento de b\u00fafer basado en mont\u00edculo (heap) y ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto y posiblemente ejecutar c\u00f3digo arbitrario por medio de un fichero de dispositivo para una solicitud de traducci\u00f3n que opera en un archivo de imagen creado y se dirige a un determinado \"espacio de color nativo\", en relaci\u00f3n con un perfil ICC en un (1) PostScript o (2) archivo PDF con im\u00e1genes incrustadas." 
} ], "id": "CVE-2009-0583", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-23T20:00:00.343", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34266" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34373" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34381" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34393" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34398" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34418" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34437" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34443" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34469" }, { "source": "secalert@redhat.com", "url": 
"http://secunia.com/advisories/34729" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35559" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/35569" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1021868" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.auscert.org.au/render.html?it=10666" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1746" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/34184" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-743-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0776" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0777" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/0816" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329" }, { "source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-2991" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/757-1/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/34393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.auscert.org.au/render.html?it=10666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2009/dsa-1746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-743-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/0816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/757-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }