CVE-2009-0584

Name	CVE-2009-0584
Description	icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1746-1, DTSA-198-1
Debian Bugs	522416, 522448

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
argyll (PTS)	bullseye	2.0.1+repack-1.1	fixed
	bookworm	2.3.1+repack-1.1	fixed
	trixie	3.3.0+repack-1	fixed
	forky, sid	3.3.0+repack-1.1	fixed
ghostscript (PTS)	bullseye	9.53.3~dfsg-7+deb11u7	fixed
	bullseye (security)	9.53.3~dfsg-7+deb11u11	fixed
	bookworm	10.0.0~dfsg-11+deb12u7	fixed
	bookworm (security)	10.0.0~dfsg-11+deb12u8	fixed
	trixie	10.05.1~dfsg-1	fixed
	trixie (security)	10.05.1~dfsg-1+deb13u1	fixed
	forky	10.05.1~dfsg-3	fixed
	sid	10.06.0~dfsg-3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
argyll	source	(unstable)	1.0.3-2			522448
ghostscript	source	lenny	8.62.dfsg.1-3.2lenny1		DSA-1746-1
ghostscript	source	squeeze	8.64~dfsg-1+squeeze1		DTSA-198-1
ghostscript	source	(unstable)	8.64~dfsg-1.1	medium		522416
gs-esp	source	(unstable)	(unfixed)
gs-gpl	source	etch	8.54.dfsg.1-5etch2		DSA-1746-1
gs-gpl	source	(unstable)	(unfixed)	medium