author Hiroki Sato <hrs@FreeBSD.org> 2009-04-20 08:08:50 +0000
committer Hiroki Sato <hrs@FreeBSD.org> 2009-04-20 08:08:50 +0000
commit 6fefb478d66b561cb60fedeea1ad0ada99326400
tree ad5895c16d60dcc79f7ac616067a13a38577ac8f /sysutils/bacula-bat
parent 64d1edd4b49d867fa5f2b7efb8e453065fe7209e
Fix multiple integer overflows and lack of boundary check found
and marked as CVE-2009-583 and CVE-2009-584:

CVE-2009-583:
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVE-2009-584:
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

Security: CVE-2009-583
Security: CVE-2009-584
Approved by: portmgr (pav)
Notes: svn path=/head/; revision=232378
Diffstat (limited to 'sysutils/bacula-bat')
0 files changed, 0 insertions, 0 deletions