Rapid7 Vulnerability & Exploit Database

ELSA-2009-0420 Moderate: Enterprise Linux ghostscript security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2009-0420 Moderate: Enterprise Linux ghostscript security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

04/14/2009

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

Solution(s)

oracle-linux-upgrade-ghostscript
oracle-linux-upgrade-ghostscript-devel
oracle-linux-upgrade-ghostscript-gtk
oracle-linux-upgrade-hpijs

References

https://attackerkb.com/topics/cve-2009-0792
CVE - 2009-0792
OVAL11207
RHSA-2009:0420
RHSA-2009:0421
http://oss.oracle.com/pipermail/el-errata/2009-April/000965.html
http://oss.oracle.com/pipermail/el-errata/2009-April/000966.html
50381

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;