Executive Summary

Informations
NameCVE-2009-0733First vendor Publication2009-03-23
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9742
 
Oval ID: oval:org.mitre.oval:def:9742
Title: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Description: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0733
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22595
 
Oval ID: oval:org.mitre.oval:def:22595
Title: ELSA-2009:0339: lcms security update (Moderate)
Description: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family: unix Class: patch
Reference(s): ELSA-2009:0339-01
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 14
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application11
Application1
Application1

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for java CESA-2009:0377 centos5 i386
File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms)
File : nvt/mdksa_2009_121_1.nasl
2009-10-13Name : SLES10: Security update for liblcms
File : nvt/sles10_liblcms.nasl
2009-10-11Name : SLES11: Security update for lcms
File : nvt/sles11_lcms.nasl
2009-10-10Name : SLES9: Security update for liblcms
File : nvt/sles9p5045880.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_162.nasl
2009-06-23Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_137.nasl
2009-06-05Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05Name : Mandrake Security Advisory MDVSA-2009:121 (lcms)
File : nvt/mdksa_2009_121.nasl
2009-05-11Name : Fedora Core 9 FEDORA-2009-3914 (lcms)
File : nvt/fcore_2009_3914.nasl
2009-05-11Name : Fedora Core 10 FEDORA-2009-3967 (lcms)
File : nvt/fcore_2009_3967.nasl
2009-04-20Name : Gentoo Security Advisory GLSA 200904-19 (littlecms)
File : nvt/glsa_200904_19.nasl
2009-04-15Name : RedHat Security Advisory RHSA-2009:0377
File : nvt/RHSA_2009_0377.nasl
2009-04-15Name : Debian Security Advisory DSA 1769-1 (openjdk-6)
File : nvt/deb_1769_1.nasl
2009-04-15Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_0377.nasl
2009-03-31Name : Debian Security Advisory DSA 1745-1 (lcms)
File : nvt/deb_1745_1.nasl
2009-03-31Name : Debian Security Advisory DSA 1745-2 (lcms)
File : nvt/deb_1745_2.nasl
2009-03-31Name : Fedora Core 10 FEDORA-2009-2903 (lcms)
File : nvt/fcore_2009_2903.nasl
2009-03-31Name : Fedora Core 9 FEDORA-2009-2910 (lcms)
File : nvt/fcore_2009_2910.nasl
2009-03-31Name : Fedora Core 9 FEDORA-2009-2928 (lcms)
File : nvt/fcore_2009_2928.nasl
2009-03-31Name : Fedora Core 10 FEDORA-2009-2970 (lcms)
File : nvt/fcore_2009_2970.nasl
2009-03-31Name : Fedora Core 10 FEDORA-2009-2982 (java-1.6.0-openjdk)
File : nvt/fcore_2009_2982.nasl
2009-03-31Name : Fedora Core 9 FEDORA-2009-2983 (java-1.6.0-openjdk)
File : nvt/fcore_2009_2983.nasl
2009-03-31Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk)
File : nvt/fcore_2009_3034.nasl
2009-03-31Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-03-20Name : RedHat Security Advisory RHSA-2009:0339
File : nvt/RHSA_2009_0339.nasl
0000-00-00Name : Slackware Advisory SSA:2009-083-01 lcms
File : nvt/esoft_slk_ssa_2009_083_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
56309Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090319_lcms_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_liblcms-6048.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12361.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_lcms-090317.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for java-1_6_0-openjdk
File : suse_11_1_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for java-1_6_0-openjdk
File : suse_11_0_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for lcms
File : suse_11_1_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for lcms
File : suse_11_0_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-06-21Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO
2009-05-22Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-121.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-744-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-2903.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-2970.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-2982.nasl - Type : ACT_GATHER_INFO
2009-04-21Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-19.nasl - Type : ACT_GATHER_INFO
2009-04-13Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO
2009-04-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-03-27Name : The remote Fedora host is missing a security update.
File : fedora_2009-3034.nasl - Type : ACT_GATHER_INFO
2009-03-25Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-01.nasl - Type : ACT_GATHER_INFO
2009-03-24Name : The remote SuSE system is missing the security patch liblcms-6049
File : suse_liblcms-6049.nasl - Type : ACT_GATHER_INFO
2009-03-24Name : The remote Fedora host is missing a security update.
File : fedora_2009-2910.nasl - Type : ACT_GATHER_INFO
2009-03-24Name : The remote Fedora host is missing a security update.
File : fedora_2009-2928.nasl - Type : ACT_GATHER_INFO
2009-03-24Name : The remote Fedora host is missing a security update.
File : fedora_2009-2983.nasl - Type : ACT_GATHER_INFO
2009-03-20Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1745.nasl - Type : ACT_GATHER_INFO
2009-03-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0339.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/34185
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/502018/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/502031/100/0/threaded
CONFIRMhttps://bugzilla.redhat.com/show_bug.cgi?id=487512
DEBIANhttp://www.debian.org/security/2009/dsa-1745
http://www.debian.org/security/2009/dsa-1769
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
GENTOOhttp://security.gentoo.org/glsa/glsa-200904-19.xml
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
MISChttp://scary.beasts.org/security/CESA-2009-003.html
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://www.ocert.org/advisories/ocert-2009-003.html
REDHAThttp://www.redhat.com/support/errata/RHSA-2009-0339.html
https://rhn.redhat.com/errata/RHSA-2009-0377.html
SECTRACKhttp://www.securitytracker.com/id?1021869
SECUNIAhttp://secunia.com/advisories/34367
http://secunia.com/advisories/34382
http://secunia.com/advisories/34400
http://secunia.com/advisories/34408
http://secunia.com/advisories/34418
http://secunia.com/advisories/34442
http://secunia.com/advisories/34450
http://secunia.com/advisories/34454
http://secunia.com/advisories/34463
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://secunia.com/advisories/34782
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2009&...
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
UBUNTUhttp://www.ubuntu.com/usn/USN-744-1
VUPENhttp://www.vupen.com/english/advisories/2009/0775
XFhttp://xforce.iss.net/xforce/xfdb/49330
http://xforce.iss.net/xforce/xfdb/49330

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:49:00
  • Multiple Updates
2013-05-10 23:45:11
  • Multiple Updates