Freely subscribe to our NEWSLETTER

SYNTHESIS OF THE VULNERABILITY

An attacker can invite the victim to open a malicious PDF or PS
file with Ghostscript in order to execute code with victim’s
privileges.

Severity: 2/4

Consequences: user access/rights, client access/rights

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 16/04/2009

IMPACTED PRODUCTS

– Fedora
– OpenSUSE
– Red Hat Enterprise Linux
– SUSE Linux Enterprise Server
– Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The ICC (International Color Consortium) profile defines color
variations needed by each device in order to display identical
colors. Some image types, such as JPEG or PNG, can contain ICC
profiles and can be included in a PDF or PostScript document.

The icclib/icc.c file of Ghostscript implements ICC.

The VIGILANCE-VUL-8547 (https://vigilance.fr/tree/1/8547)
vulnerability describes several ICC integer overflows which lead
to code execution. However, its patch was incomplete.

The icclib/icc.c file still contains several errors in the
handling of integers coming from an ICC profile. These integer
overflows can corrupt the memory.

An attacker can therefore invite the victim to open a malicious
PDF or PS file with Ghostscript in order to execute code with
victim’s privileges.

CHARACTERISTICS
Identifiers: 491853, CVE-2009-0792, FEDORA-2009-3430,
FEDORA-2009-3435, FEDORA-2009-3709, FEDORA-2009-3710,
FEDORA-2009-3720, FEDORA-2009-3740, RHSA-2009:0420-01,
RHSA-2009:0421-01, SUSE-SR:2009:009, VIGILANCE-VUL-8640
http://vigilance.fr/vulnerability/Ghostscript-integer-overflows-via-ICC-8640