VDB
CVE-2009-0584
CVE-2009-0584
PUBLISHED
CVSS 9.300000190734863 CRITICAL
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
EPSS 8.95% · 92.7th percentile
Risk Scores
CVSS v2.0
9.300000190734863
EPSS Score
8.95%
92.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ghostscript | ghostscript | 8.56, 8.61, 5.50 |
| argyllcms | cms | 0 |
| n/a | n/a | * |
Timeline
- Mar 23, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- 34381 third-party-advisory
- SUSE-SR:2009:007 vendor-advisory
- 34437 third-party-advisory
- 34393 third-party-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm url
- GLSA-200903-37 vendor-advisory
- 1021868 vdb
- 34266 third-party-advisory
- 34443 third-party-advisory
- FEDORA-2009-3031 vendor-advisory
- DSA-1746 vendor-advisory
- 52988 vdb
- ESB-2009.0259 third-party-advisory
- ADV-2009-0776 vdb
- oval:org.mitre.oval:def:10544 vdb
- FEDORA-2009-2885 vendor-advisory
- 262288 vendor-advisory
- FEDORA-2009-3011 vendor-advisory
- 34418 third-party-advisory
- 34729 third-party-advisory
…and 23 more