Published: 23/03/2009 Updated: 07/02/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple integer overflows in LittleCMS (aka lcms or liblcms) prior to 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent malicious users to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gimp gimp
mozilla firefox 3.1
sun openjdk
littlecms little cms

Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service (CVE-2009-0581) ...

Synopsis Moderate: lcms security update Type/Severity Security Advisory: Moderate Topic Updated lcms packages that resolve several security issues are nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Desc ...

Synopsis Important: java-160-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-160-openjdk packages that fix several security issues arenow available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by the RedHat Security R ...

Several security issues have been discovered in lcms, a color management library The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files CVE-2009-0723 Chris Evans dis ...

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0723

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect