Rapid7 Vulnerability & Exploit Database

ELSA-2009-0345 Moderate: Enterprise Linux ghostscript security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2009-0345 Moderate: Enterprise Linux ghostscript security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

03/23/2009

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Solution(s)

oracle-linux-upgrade-ghostscript
oracle-linux-upgrade-ghostscript-devel
oracle-linux-upgrade-ghostscript-gtk
oracle-linux-upgrade-hpijs

References

https://attackerkb.com/topics/cve-2009-0583
34184
CVE - 2009-0583
CVE - 2009-0584
DSA-1746
OVAL10544
OVAL10795
RHSA-2009:0345
http://oss.oracle.com/pipermail/el-errata/2009-March/000920.html
http://oss.oracle.com/pipermail/el-errata/2009-March/000922.html
http://oss.oracle.com/pipermail/el-errata/2009-March/000925.html
49327
49329

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;