Bug 487742 (CVE-2009-0583)
Summary: | CVE-2009-0583 ghostscript, argyllcms: Multiple integer overflows in the International Color Consortium Format Library | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | bressers, gwync, kreilly, kseifried, mjc, security-response-team, twaugh | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-10-25 17:36:25 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 487747, 487748, 487749, 487750, 487751, 491276, 491277, 491278, 491590, 491591, 491592 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Jan Lieskovsky
2009-02-27 18:20:05 UTC
Lifting embargo ghostscript-8.63-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. ghostscript-8.63-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. Updates for argyllcms for F-9 and F-10 are in Bodhi now. Thanks, Tim! Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0583 to this vulnerability: Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583 http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded http://bugs.gentoo.org/show_bug.cgi?id=261087 http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 https://issues.rpath.com/browse/RPL-2991 http://www.debian.org/security/2009/dsa-1746 http://www.securityfocus.com/bid/34184 http://securitytracker.com/id?1021868 http://secunia.com/advisories/34373 http://secunia.com/advisories/34381 http://secunia.com/advisories/34393 http://secunia.com/advisories/34398 http://www.vupen.com/english/advisories/2009/0776 http://www.vupen.com/english/advisories/2009/0777 http://xforce.iss.net/xforce/xfdb/49329 argyllcms-1.0.3-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. argyllcms-1.0.3-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. All children bugs closed, parent no longer needed |