CVE-2009-0584

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Published: Mar 23, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-0584
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
ghostscript / ghostscript	8.60	8.60.x
ghostscript / ghostscript	7.07	7.07.x
ghostscript / ghostscript	-	-
ghostscript / ghostscript	8.57	8.57.x
ghostscript / ghostscript	8.54	8.54.x
ghostscript / ghostscript	7.05	7.05.x
ghostscript / ghostscript	-	8.64.x
ghostscript / ghostscript	5.50	5.50.x
argyllcms / cms	-	1.0.3.x
ghostscript / ghostscript	8.15	8.15.x
ghostscript / ghostscript	8.56	8.56.x
ghostscript / ghostscript	8.15.2	8.15.2.x
ghostscript / ghostscript	8.0.1	8.0.1.x
ghostscript / ghostscript	8.61	8.61.x

Vulnerability Database

308,379

CVE-2009-0584

Deep Security Visibility Without the Complexity