CVE-2009-0733

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 23-03-2009 03:19

Last modified: - 07-02-2022 07:28

Total changes: - 2

Description

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp

vendor=mozilla AND product=firefox AND version=3.1 AND update=beta1

vendor=sun AND product=openjdk AND versionEndIncluding=7

vendor=littlecms AND product=little_cms AND versionEndIncluding=1.17

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=487512
RHSA-2009:0339-Third Party Advisory
http://scary.beasts.org/security/CESA-2009-003.html
34185-Broken Link, Third Party Advisory, VDB Entry
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
ADV-2009-0775-Broken Link
34400-Broken Link
USN-744-1-Third Party Advisory
34367-Broken Link
http://www.ocert.org/advisories/ocert-2009-003.html
34382-Broken Link
DSA-1745-Third Party Advisory
SUSE-SR:2009:007-Third Party Advisory
34418-Broken Link
FEDORA-2009-2903-Third Party Advisory
FEDORA-2009-2970-Third Party Advisory
34450-Broken Link
34454-Broken Link
FEDORA-2009-2983-Third Party Advisory
1021869-Broken Link, Third Party Advisory, VDB Entry
FEDORA-2009-2982-Third Party Advisory
34442-Broken Link
34408-Broken Link
FEDORA-2009-2910-Third Party Advisory
34463-Broken Link
SSA:2009-083-01-Third Party Advisory
FEDORA-2009-2928-Third Party Advisory
FEDORA-2009-3034-Third Party Advisory
RHSA-2009:0377-Third Party Advisory
34675-Broken Link
DSA-1769-Third Party Advisory
34632-Broken Link
GLSA-200904-19-Third Party Advisory
34782-Broken Link
MDVSA-2009:121-Broken Link
MDVSA-2009:137-Broken Link
MDVSA-2009:162-Broken Link
littlecms-readsetofcurves-bo(49330)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:9742-Tool Signature
20090320 [oCERT-2009-003] LittleCMS integer errors-Third Party Advisory, VDB Entry
20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)-Third Party Advisory, VDB Entry

Keywords

CVE-2009-0733

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-0733

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures