Red Hat Bugzilla – Bug 487742
CVE-2009-0583 ghostscript, argyllcms: Multiple integer overflows in the International Color Consortium Format Library
Last modified: 2016-03-04 07:42:03 EST
Multiple integer overflows were found in the Ghostsript's International Color Consortium Format Library (icclib). An attacker could use this flaw to
potentially execute arbitrary code by requesting to translate a specially-
crafted image file created on one device into another's device native color
space via a device file.
ghostscript-8.63-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ghostscript-8.63-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Updates for argyllcms for F-9 and F-10 are in Bodhi now. Thanks, Tim!
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0583 to
Multiple integer overflows in icc.c in the International Color
Consortium (ICC) Format library (aka icclib), as used in Ghostscript
8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and
earlier, allow context-dependent attackers to cause a denial of
service (heap-based buffer overflow and application crash) or possibly
execute arbitrary code by using a device file for a translation
request that operates on a crafted image file and targets a certain
"native color space," related to an ICC profile in a (1) PostScript or
(2) PDF file with embedded images.
argyllcms-1.0.3-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
argyllcms-1.0.3-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
All children bugs closed, parent no longer needed