CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2009-0733 – LittleCms lack of upper-bounds check on sizes
https://notcve.org/view.php?id=CVE-2009-0733
23 Mar 2009 — Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. Múltiples desbordamientos de búfer basados en pila en la función ReadSetOfCurves en LittleCMS (alias LCMS o liblcms) antes d... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 2CVE-2009-0581 – LittleCms memory leak
https://notcve.org/view.php?id=CVE-2009-0581
23 Mar 2009 — Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Fuga de memoria en versiones de LittleCMS (alias LCMS o liblcms) anteriores a la 1.18beta2, tal como se utiliza en Firefox 3.1beta, OpenJDK, y el GIMP, permite causar, a atacantes dependientes de contexto, una denegación de servicio (mediante consumo de memoria y cai... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-401: Missing Release of Memory after Effective Lifetime •