PT-2009-3227 · Artifex · Ghostscript

Jan Lieskovsky · Published 2009-03-19 · Updated 2023-02-13 · CVE-2009-0583

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Ghostscript versions 8.64 and earlier; Argyll Color Management System (CMS) versions 1.0.3 and earlier
Description: The issue stems from multiple integer overflows in the ICC Format library, which context-dependent attackers can exploit to cause a denial of service or possibly execute arbitrary code. The overflows are triggered through a device file used for a translation request that operates on a crafted image file and targets a certain "native color space"; the trigger is related to an ICC profile embedded in a PostScript or PDF file that contains images.
Recommendations: For Ghostscript versions 8.64 and earlier, update to a version later than 8.64 to resolve the issue. For Argyll Color Management System (CMS) versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue. As a temporary workaround, consider restricting the use of device files for translation requests that operate on untrusted image files, which minimizes the risk of exploitation.

Categories: Fix · DoS · Buffer Overflow

Related Identifiers

CVE-2009-0583
DSA-1746-1
DTSA-198-1
RHSA-2009:0345
RHSA-2009_0345

Affected Products

Argyll Color Management System
Ghostscript
Red Hat