Buffer overflow in Argyllcms

CVE-2009-0583

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attack…

Vulnerability class: Buffer Overflow

EPSS: 0.047 (90.6th percentile) — read the EPSS interpretation.

Affected products

Argyllcms — versions 0.1.0, 0.2.0, 0.2.1
Ghostscript — versions 5.50, 7.05, 7.07
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)