CVE-2009-0584
EPSS 9.0%
Description
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
How to fix CVE-2009-0584
To remediate CVE-2009-0584, upgrade the affected package to a fixed version below.
- Debian/argyll—upgrade to 1.0.3-2 or later
- —upgrade to 8.64~dfsg-1.1 or later
Is CVE-2009-0584 being exploited?
Moderate — EPSS is 9.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0.3-2
- from 0, < 8.64~dfsg-1.1