Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2009-0733
Last Modified: 07 Mar 2011 10:19:00
Published: 23 Mar 2009 10:19:12
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-0733

Summary

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Vulnerable Systems

Application

  • Gimp

  • Littlecms Lcms 1.07

  • Littlecms Lcms 1.08

  • Littlecms Lcms 1.09

  • Littlecms Lcms 1.10

  • Littlecms Lcms 1.11

  • Littlecms Lcms 1.12

  • Littlecms Lcms 1.13

  • Littlecms Lcms 1.14

  • Littlecms Lcms 1.15

  • Littlecms Lcms 1.16

  • Littlecms Lcms 1.17

  • Mozilla Firefox 3.1

  • Sun Openjdk 7


References

FEDORA - FEDORA-2009-3034

FEDORA - FEDORA-2009-2983

FEDORA - FEDORA-2009-2982

FEDORA - FEDORA-2009-2970

FEDORA - FEDORA-2009-2928

FEDORA - FEDORA-2009-2910

FEDORA - FEDORA-2009-2903

REDHAT - RHSA-2009:0377

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=487512

XF - littlecms-readsetofcurves-bo(49330)

XF - littlecms-unspecified-code-execution(49330)

VUPEN - ADV-2009-0775

UBUNTU - USN-744-1

SECTRACK - 1021869

BID - 34185

BUGTRAQ - 20090320 [oCERT-2009-003] LittleCMS integer errors

BUGTRAQ - 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)

REDHAT - RHSA-2009:0339

MISC - http://www.ocert.org/advisories/ocert-2009-003.html

MANDRIVA - MDVSA-2009:162

MANDRIVA - MDVSA-2009:137

MANDRIVA - MDVSA-2009:121

DEBIAN - DSA-1769

DEBIAN - DSA-1745

SLACKWARE - SSA:2009-083-01

GENTOO - GLSA-200904-19

SECUNIA - 34782

SECUNIA - 34675

SECUNIA - 34632

SECUNIA - 34463

SECUNIA - 34454

SECUNIA - 34450

SECUNIA - 34442

SECUNIA - 34418

SECUNIA - 34408

SECUNIA - 34400

SECUNIA - 34382

SECUNIA - 34367

MISC - http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html

MISC - http://scary.beasts.org/security/CESA-2009-003.html

SUSE - SUSE-SR:2009:007

Related Patches

Novell SUSE 2009:6048 liblcms security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:20