ID CVE-2009-0723
Summary Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*
    cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
    cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.07:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.07:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.08:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.08:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.09:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.09:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms:1.17:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 07-02-2022 - 18:18)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:15:44.367-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
family unix
id oval:org.mitre.oval:def:11780
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
version 18
redhat via4
advisories
  • rhsa
    id RHSA-2009:0339
  • rhsa
    id RHSA-2009:0377
rpms
  • lcms-0:1.18-0.1.beta1.el5_3.2
  • lcms-debuginfo-0:1.18-0.1.beta1.el5_3.2
  • lcms-devel-0:1.18-0.1.beta1.el5_3.2
  • python-lcms-0:1.18-0.1.beta1.el5_3.2
  • java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5
refmap via4
bid 34185
bugtraq
  • 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)
  • 20090320 [oCERT-2009-003] LittleCMS integer errors
confirm https://bugzilla.redhat.com/show_bug.cgi?id=487508
debian
  • DSA-1745
  • DSA-1769
fedora
  • FEDORA-2009-2903
  • FEDORA-2009-2910
  • FEDORA-2009-2928
  • FEDORA-2009-2970
  • FEDORA-2009-2982
  • FEDORA-2009-2983
  • FEDORA-2009-3034
gentoo GLSA-200904-19
mandriva
  • MDVSA-2009:121
  • MDVSA-2009:137
  • MDVSA-2009:162
misc
sectrack 1021869
secunia
  • 34367
  • 34382
  • 34400
  • 34408
  • 34418
  • 34442
  • 34450
  • 34454
  • 34463
  • 34632
  • 34675
  • 34782
slackware SSA:2009-083-01
suse SUSE-SR:2009:007
ubuntu USN-744-1
vupen ADV-2009-0775
xf littlecms-unspecified-bo(49326)
Last major update 07-02-2022 - 18:18
Published 23-03-2009 - 14:19
Last modified 07-02-2022 - 18:18
Back to Top