Vulnerabilidad en icc.c en icclib del International Color Consortium (ICC) (CVE-2009-0584)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-189
Errores numéricos
Fecha de publicación:
23/03/2009
Última modificación:
09/04/2025
Descripción
icc.c, perteneciente a la librería de formatos del International Color Consortium (ICC) (alias icclib), tal y como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permite causar una denegación de servicio (con caída de la aplicación) a atacantes dependientes de contexto, o posiblemente ejecutar código arbitrario por medio de un fichero de dispositivo diseñado para procesar archivos de imagen con modificaciones relacionadas con valores enteros grandes para determinados tamaños, en relación con un perfil ICC en un (1) PostScript o (2) un archivo PDF con imágenes incrustadas.
Impacto
Puntuación base 2.0
9.30
Gravedad 2.0
ALTA
Productos y versiones vulnerables
CPE | Desde | Hasta |
---|---|---|
cpe:2.3:a:argyllcms:cms:*:*:*:*:*:*:*:* | 1.0.3 (incluyendo) | |
cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:* | 8.64 (incluyendo) | |
cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:* | ||
cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://bugs.gentoo.org/show_bug.cgi?id=261087
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://osvdb.org/52988
- http://secunia.com/advisories/34266
- http://secunia.com/advisories/34373
- http://secunia.com/advisories/34381
- http://secunia.com/advisories/34393
- http://secunia.com/advisories/34398
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34437
- http://secunia.com/advisories/34443
- http://secunia.com/advisories/34469
- http://secunia.com/advisories/34729
- http://secunia.com/advisories/35559
- http://secunia.com/advisories/35569
- http://securitytracker.com/id?1021868=
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
- http://www.auscert.org.au/render.html?it=10666
- http://www.debian.org/security/2009/dsa-1746
- http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A095
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A096
- http://www.redhat.com/support/errata/RHSA-2009-0345.html
- http://www.securityfocus.com/archive/1/501994/100/0/threaded
- http://www.securityfocus.com/bid/34184
- http://www.ubuntu.com/usn/USN-743-1
- http://www.vupen.com/english/advisories/2009/0776
- http://www.vupen.com/english/advisories/2009/0777
- http://www.vupen.com/english/advisories/2009/0816
- http://www.vupen.com/english/advisories/2009/1708
- https://bugzilla.redhat.com/show_bug.cgi?id=487744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
- https://issues.rpath.com/browse/RPL-2991
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
- https://usn.ubuntu.com/757-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html
- http://bugs.gentoo.org/show_bug.cgi?id=261087
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://osvdb.org/52988
- http://secunia.com/advisories/34266
- http://secunia.com/advisories/34373
- http://secunia.com/advisories/34381
- http://secunia.com/advisories/34393
- http://secunia.com/advisories/34398
- http://secunia.com/advisories/34418
- http://secunia.com/advisories/34437
- http://secunia.com/advisories/34443
- http://secunia.com/advisories/34469
- http://secunia.com/advisories/34729
- http://secunia.com/advisories/35559
- http://secunia.com/advisories/35569
- http://securitytracker.com/id?1021868=
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
- http://www.auscert.org.au/render.html?it=10666
- http://www.debian.org/security/2009/dsa-1746
- http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A095
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A096
- http://www.redhat.com/support/errata/RHSA-2009-0345.html
- http://www.securityfocus.com/archive/1/501994/100/0/threaded
- http://www.securityfocus.com/bid/34184
- http://www.ubuntu.com/usn/USN-743-1
- http://www.vupen.com/english/advisories/2009/0776
- http://www.vupen.com/english/advisories/2009/0777
- http://www.vupen.com/english/advisories/2009/0816
- http://www.vupen.com/english/advisories/2009/1708
- https://bugzilla.redhat.com/show_bug.cgi?id=487744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49327
- https://issues.rpath.com/browse/RPL-2991
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544
- https://usn.ubuntu.com/757-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html
- https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html