Multiple insufficient upper-bounds checks on certain sizes were found in Ghostscript's International Color Consortium Format Library (icclib). An attacker could use this flaw to potentially execute arbitrary code by providing a specially-crafted image file for processing via Ghostscript's device file.
Lifting embargo
ghostscript-8.63-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ghostscript-8.63-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0584 to this vulnerability: icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://www.securityfocus.com/archive/1/archive/1/501994/100/0/threaded
http://bugs.gentoo.org/show_bug.cgi?id=261087
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050
https://issues.rpath.com/browse/RPL-2991
http://www.debian.org/security/2009/dsa-1746
http://www.securityfocus.com/bid/34184
http://securitytracker.com/id?1021868
http://secunia.com/advisories/34373
http://secunia.com/advisories/34381
http://secunia.com/advisories/34393
http://secunia.com/advisories/34398
http://www.vupen.com/english/advisories/2009/0776
http://www.vupen.com/english/advisories/2009/0777
http://xforce.iss.net/xforce/xfdb/49327
argyllcms-1.0.3-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
argyllcms-1.0.3-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 355610
fix a bug in this security patch

The fix for CVE 2009-0583/0584 introduces a serious bug that causes icclib to reject most ICC profiles, effectively disabling ICC handling in Ghostscript. The attached two-line patch fixes the two issues. First, by limiting the number of points in icmLut_read to the specified limit of 255 instead of 100 like the original patch. Second, by resetting an error condition when icm_read_tag fails to find a black point tag. This tag is optional, so the error should not be propagated; originally it was just ignored, but new error checking introduced by the security patch caught it when processing subsequent tags, incorrectly rejecting the profile as unreadable.

I recommend updating the package with this fix to address the serious regressions introduced in the 8.64-5 release. The same change will be included in the upstream ghostscript-8.70 release.
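
The following is an added illustration of the kind of upper-bounds check discussed in this report, not code from icclib or from the attached patch. It assumes the limit in question applies to the number of CLUT grid points per input channel (a one-byte field in ICC lut8/lut16 tags); the function names and sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not icclib's API): number of CLUT entries for a LUT,
 * i.e. out_chan * clut_points^in_chan, with a cap on clut_points and an
 * overflow check before every multiplication.
 * Returns 0 when the sizes are rejected. */
size_t lut_clut_entries(uint32_t in_chan, uint32_t out_chan,
                        uint32_t clut_points, uint32_t max_points)
{
    size_t n;
    uint32_t i;

    if (in_chan == 0 || out_chan == 0 || clut_points == 0)
        return 0;                      /* degenerate sizes */
    if (clut_points > max_points)
        return 0;                      /* above the accepted limit */

    n = out_chan;
    for (i = 0; i < in_chan; i++) {
        if (n > SIZE_MAX / clut_points)
            return 0;                  /* product would wrap around */
        n *= clut_points;
    }
    return n;
}

/* Allocation size for 16-bit entries, also overflow-checked (0 = rejected). */
size_t lut_clut_bytes(size_t entries)
{
    if (entries == 0 || entries > SIZE_MAX / sizeof(uint16_t))
        return 0;
    return entries * sizeof(uint16_t);
}

int main(void)
{
    /* Constructed sample sizes, not taken from any real profile. */
    printf("3x3, 33 points, cap 255: %zu entries\n",
           lut_clut_entries(3, 3, 33, 255));
    printf("1x3, 255 points, cap 100: %zu (rejected)\n",
           lut_clut_entries(1, 3, 255, 100));
    printf("1x3, 255 points, cap 255: %zu entries\n",
           lut_clut_entries(1, 3, 255, 255));
    printf("15x3, 255 points, cap 255: %zu (overflow rejected)\n",
           lut_clut_entries(15, 3, 255, 255));
    return 0;
}
```

A cap lower than the format allows rejects valid input, while the overflow check on each multiplication is what keeps oversized values from reaching the allocator.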