CVE-2009-0792

Name of the Vulnerable Software and Affected Versions Ghostscript versions 8.64 and earlier Argyll Color Management System (CMS) versions 1.0.3 and earlier hpijs package version 1.3 in Red Hat Enterprise Linux

Description The issue is related to multiple integer overflows in the International Color Consortium (ICC) Format library, which can be exploited by context-dependent attackers to cause a denial of service or possibly execute arbitrary code. This can be achieved by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a PostScript or PDF file with embedded images. Additionally, there are multiple vulnerabilities in the hpijs package of Red Hat Enterprise Linux that can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For Ghostscript versions 8.64 and earlier, consider updating to a newer version to mitigate the risk. For Argyll Color Management System (CMS) versions 1.0.3 and earlier, consider updating to a newer version to mitigate the risk. For hpijs package version 1.3 in Red Hat Enterprise Linux, restrict access to the package until a patch is available. As a temporary workaround, consider disabling the use of ICC profiles in PostScript or PDF files with embedded images until a patch is available.