// For flags

CVE-2009-0723

LittleCms integer overflow

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Múltiples desbordamientos de enteros en LittleCMS (también conocido como lcms o liblcms) anteriores a v1.18beta2, como el utilizado en Firefox v3.1beta, OpenJDK, y GIMP, permiten a atacantes dependientes de contexto ejecutar código arbitrario a través de un fichero de imagen manipulado, que provoca un desbordamiento de buffer basada en montículo. NOTA: algunos de estos detalles son obtenidos de información de terceras personas.

Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-02-24 CVE Reserved
  • 2009-03-23 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (42)
URL Date SRC
http://www.securityfocus.com/bid/34185 2022-02-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html 2022-02-07
http://security.gentoo.org/glsa/glsa-200904-19.xml 2022-02-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 2022-02-07
http://www.debian.org/security/2009/dsa-1745 2022-02-07
http://www.debian.org/security/2009/dsa-1769 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 2022-02-07
http://www.redhat.com/support/errata/RHSA-2009-0339.html 2022-02-07
http://www.ubuntu.com/usn/USN-744-1 2022-02-07
https://bugzilla.redhat.com/show_bug.cgi?id=487508 2009-04-07
https://rhn.redhat.com/errata/RHSA-2009-0377.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html 2022-02-07
https://access.redhat.com/security/cve/CVE-2009-0723 2009-04-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gimp
Search vendor "Gimp"
Gimp
Search vendor "Gimp" for product "Gimp"
*-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
3.1
Search vendor "Mozilla" for product "Firefox" and version "3.1"
beta1
Affected
Sun
Search vendor "Sun"
Openjdk
Search vendor "Sun" for product "Openjdk"
<= 7
Search vendor "Sun" for product "Openjdk" and version " <= 7"
-
Affected
Littlecms
Search vendor "Littlecms"
Little Cms
Search vendor "Littlecms" for product "Little Cms"
<= 1.17
Search vendor "Littlecms" for product "Little Cms" and version " <= 1.17"
-
Affected