Lucene search

[email protected]CVE-2009-0723

HistoryMar 23, 2009 - 2:19 p.m.

CVE-2009-0723

2009-03-2314:19:12

CWE-190

[email protected]

web.nvd.nist.gov

cve-2009-0723

littlecms

lcms

liblcms

integer overflows

arbitrary code execution

image file

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

gimpgimp

mozillafirefoxMatch3.1beta1

sunopenjdkRange≤7

Node

littlecmslittle_cmsRange≤1.17

CPENameOperatorVersion
gimp:gimpgimpeq*
mozilla:firefoxmozilla firefoxeq3.1
sun:openjdksun openjdkle7

CPE	Name	Operator	Version
gimp:gimp	gimp	eq	*
mozilla:firefox	mozilla firefox	eq	3.1
sun:openjdk	sun openjdk	le	7

References

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

scary.beasts.org/security/CESA-2009-003.html

scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html

secunia.com/advisories/34367

secunia.com/advisories/34382

secunia.com/advisories/34400

secunia.com/advisories/34408

secunia.com/advisories/34418

secunia.com/advisories/34442

secunia.com/advisories/34450

secunia.com/advisories/34454

secunia.com/advisories/34463

secunia.com/advisories/34632

secunia.com/advisories/34675

secunia.com/advisories/34782

security.gentoo.org/glsa/glsa-200904-19.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438

www.debian.org/security/2009/dsa-1745

www.debian.org/security/2009/dsa-1769

www.mandriva.com/security/advisories?name=MDVSA-2009:121

www.mandriva.com/security/advisories?name=MDVSA-2009:137

www.mandriva.com/security/advisories?name=MDVSA-2009:162

www.ocert.org/advisories/ocert-2009-003.html

www.redhat.com/support/errata/RHSA-2009-0339.html

www.securityfocus.com/archive/1/502018/100/0/threaded

www.securityfocus.com/archive/1/502031/100/0/threaded

www.securityfocus.com/bid/34185

www.securitytracker.com/id?1021869

www.ubuntu.com/usn/USN-744-1

www.vupen.com/english/advisories/2009/0775

bugzilla.redhat.com/show_bug.cgi?id=487508

exchange.xforce.ibmcloud.com/vulnerabilities/49326

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780

rhn.redhat.com/errata/RHSA-2009-0377.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for CVE-2009-0723

ubuntucve1 prion1 nvd1 cvelist1 veracode1 nessus28 openvas57 fedora9 redhat2 slackware1 osv2 debian3 seebug1 ubuntu1 oraclelinux2 gentoo1 securityvulns3 centos1