
CVE-2009-0581

Published: 23/03/2009 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Memory leak in LittleCMS (aka lcms or liblcms) prior to 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent malicious users to cause a denial of service (memory consumption and application crash) via a crafted image file.

Vulnerable Products

littlecms little cms

mozilla firefox 3.1

gimp gimp

sun openjdk

Vendor Advisories

Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service (CVE-2009-0581) ...
Synopsis: Moderate: lcms security update. Type/Severity: Security Advisory: Moderate. Topic: Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Desc ...
Synopsis: Important: java-160-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-160-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security R ...
Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723: Chris Evans dis ...

References

CWE-401
http://www.securityfocus.com/bid/34185
http://www.redhat.com/support/errata/RHSA-2009-0339.html
https://bugzilla.redhat.com/show_bug.cgi?id=487509
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://scary.beasts.org/security/CESA-2009-003.html
http://secunia.com/advisories/34382
http://www.vupen.com/english/advisories/2009/0775
http://www.debian.org/security/2009/dsa-1745
http://secunia.com/advisories/34367
http://www.ubuntu.com/usn/USN-744-1
http://secunia.com/advisories/34400
http://www.ocert.org/advisories/ocert-2009-003.html
http://secunia.com/advisories/34418
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34442
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
http://secunia.com/advisories/34408
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
http://secunia.com/advisories/34450
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
http://www.securitytracker.com/id?1021870
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
http://secunia.com/advisories/34463
http://secunia.com/advisories/34454
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://www.debian.org/security/2009/dsa-1769
http://secunia.com/advisories/34675
http://secunia.com/advisories/34632
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://secunia.com/advisories/34782
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023
http://www.securityfocus.com/archive/1/502031/100/0/threaded
http://www.securityfocus.com/archive/1/502018/100/0/threaded
https://usn.ubuntu.com/744-1/
https://nvd.nist.gov