PT-2009-3228 · Artifex+2 · Ghostscript+2

Jan Lieskovsky · Published 2009-03-19 · Updated 2018-10-10 · CVE-2009-0584

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ghostscript versions 8.64 and earlier
Argyll Color Management System (CMS) versions 1.0.3 and earlier

Description

The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code. This can be achieved by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a PostScript or a PDF file with embedded images.

Recommendations

For Ghostscript versions 8.64 and earlier, consider updating to a newer version to mitigate the risk. For Argyll Color Management System (CMS) versions 1.0.3 and earlier, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of ICC profiles in PostScript or PDF files with embedded images until a patch is available.

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2009-0584
DSA-1746-1
DTSA-198-1
RHSA-2009:0345
RHSA-2009_0345

Affected Products

Argyll Color Management System
Ghostscript
Red Hat