// For flags

CVE-2009-0733

LittleCms lack of upper-bounds check on sizes

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Múltiples desbordamientos de búfer basados en pila en la función ReadSetOfCurves en LittleCMS (alias LCMS o liblcms) antes de la versión 1.18beta2, tal y como se usa en Firefox 3.1beta, OpenJDK, y GIMP, permiten ejecutar código arbitrario, a atacantes dependientes de contexto, a través de un archivo de imagen modificado con valores de enteros demasiado grandes en el (1) canal de entrada o (2) canal de salida, en relación con las funciones ReadLUT_A2B y ReadLUT_B2A.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-02-25 CVE Reserved
  • 2009-03-23 CVE Published
  • 2023-09-21 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (42)
URL Tag Source
http://secunia.com/advisories/34367 Broken Link
http://secunia.com/advisories/34382 Broken Link
http://secunia.com/advisories/34400 Broken Link
http://secunia.com/advisories/34408 Broken Link
http://secunia.com/advisories/34418 Broken Link
http://secunia.com/advisories/34442 Broken Link
http://secunia.com/advisories/34450 Broken Link
http://secunia.com/advisories/34454 Broken Link
http://secunia.com/advisories/34463 Broken Link
http://secunia.com/advisories/34632 Broken Link
http://secunia.com/advisories/34675 Broken Link
http://secunia.com/advisories/34782 Broken Link
http://www.ocert.org/advisories/ocert-2009-003.html Third Party Advisory
http://www.securityfocus.com/archive/1/502018/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/502031/100/0/threaded Mailing List
http://www.securityfocus.com/bid/34185 Broken Link
http://www.securitytracker.com/id?1021869 Broken Link
http://www.vupen.com/english/advisories/2009/0775 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/49330 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742 Signature
URL Date SRC
http://scary.beasts.org/security/CESA-2009-003.html 2024-08-07
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html 2024-08-07
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html 2022-02-07
http://security.gentoo.org/glsa/glsa-200904-19.xml 2022-02-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 2022-02-07
http://www.debian.org/security/2009/dsa-1745 2022-02-07
http://www.debian.org/security/2009/dsa-1769 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 2022-02-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 2022-02-07
http://www.redhat.com/support/errata/RHSA-2009-0339.html 2022-02-07
http://www.ubuntu.com/usn/USN-744-1 2022-02-07
https://bugzilla.redhat.com/show_bug.cgi?id=487512 2009-04-07
https://rhn.redhat.com/errata/RHSA-2009-0377.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html 2022-02-07
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html 2022-02-07
https://access.redhat.com/security/cve/CVE-2009-0733 2009-04-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gimp
Search vendor "Gimp"
 Gimp
Search vendor "Gimp" for product "Gimp"
*-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 3.1
Search vendor "Mozilla" for product "Firefox" and version "3.1"
beta1
Affected
Sun
Search vendor "Sun"
 Openjdk
Search vendor "Sun" for product "Openjdk"
 <= 7
Search vendor "Sun" for product "Openjdk" and version " <= 7"
-
Affected
Littlecms
Search vendor "Littlecms"
 Little Cms
Search vendor "Littlecms" for product "Little Cms"
 <= 1.17
Search vendor "Littlecms" for product "Little Cms" and version " <= 1.17"
-
Affected