Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2009:121-1 First vendor Publication 2009-12-02
Vendor Mandriva Last vendor Modification 2009-12-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple security vulnerabilities has been identified and fixed in Little cms:

A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581).

Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723).

Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733).

A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793).

This update provides fixes for these issues.

Update:

Packages for 2008.0 are being provided due to extended support for Corporate products.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:121-1

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
25 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
25 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10023
 
Oval ID: oval:org.mitre.oval:def:10023
Title: Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Description: Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0581
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11340
 
Oval ID: oval:org.mitre.oval:def:11340
Title: cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Description: cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0793
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11780
 
Oval ID: oval:org.mitre.oval:def:11780
Title: Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Description: Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0723
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13131
 
Oval ID: oval:org.mitre.oval:def:13131
Title: USN-744-1 -- lcms vulnerabilities
Description: Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges
Family: unix Class: patch
Reference(s): USN-744-1
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13518
 
Oval ID: oval:org.mitre.oval:def:13518
Title: USN-1043-1 -- lcms vulnerability
Description: It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image
Family: unix Class: patch
Reference(s): USN-1043-1
CVE-2009-0793
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13591
 
Oval ID: oval:org.mitre.oval:def:13591
Title: DSA-1745-2 lcms -- several vulnerabilities
Description: This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch. For reference the original advisory text is below. Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities andi Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-gounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny2. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch3. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
Family: unix Class: patch
Reference(s): DSA-1745-2
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13746
 
Oval ID: oval:org.mitre.oval:def:13746
Title: DSA-1745-1 lcms -- several vulnerabilities
Description: Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-gounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny1. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
Family: unix Class: patch
Reference(s): DSA-1745-1
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22595
 
Oval ID: oval:org.mitre.oval:def:22595
Title: ELSA-2009:0339: lcms security update (Moderate)
Description: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family: unix Class: patch
Reference(s): ELSA-2009:0339-01
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 17
Platform(s): Oracle Linux 5
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29236
 
Oval ID: oval:org.mitre.oval:def:29236
Title: RHSA-2009:0339 -- lcms security update (Moderate)
Description: Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS) is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733)
Family: unix Class: patch
Reference(s): RHSA-2009:0339
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7412
 
Oval ID: oval:org.mitre.oval:def:7412
Title: DSA-1745 lcms -- several vulnerabilities
Description: Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1745
CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): lcms
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9742
 
Oval ID: oval:org.mitre.oval:def:9742
Title: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Description: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0733
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1
Application 4

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for java CESA-2009:0377 centos5 i386
File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2011-01-14 Name : Ubuntu Update for lcms vulnerability USN-1043-1
File : nvt/gb_ubuntu_USN_1043_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms)
File : nvt/mdksa_2009_121_1.nasl
2009-10-13 Name : SLES10: Security update for liblcms
File : nvt/sles10_liblcms.nasl
2009-10-11 Name : SLES11: Security update for lcms
File : nvt/sles11_lcms.nasl
2009-10-10 Name : SLES9: Security update for liblcms
File : nvt/sles9p5045880.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_162.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_137.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:121 (lcms)
File : nvt/mdksa_2009_121.nasl
2009-05-11 Name : Fedora Core 9 FEDORA-2009-3914 (lcms)
File : nvt/fcore_2009_3914.nasl
2009-05-11 Name : Fedora Core 10 FEDORA-2009-3967 (lcms)
File : nvt/fcore_2009_3967.nasl
2009-04-20 Name : Gentoo Security Advisory GLSA 200904-19 (littlecms)
File : nvt/glsa_200904_19.nasl
2009-04-15 Name : Fedora Core 10 FEDORA-2009-3426 (java-1.6.0-openjdk)
File : nvt/fcore_2009_3426.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0377
File : nvt/RHSA_2009_0377.nasl
2009-04-15 Name : Debian Security Advisory DSA 1769-1 (openjdk-6)
File : nvt/deb_1769_1.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_0377.nasl
2009-04-15 Name : Fedora Core 9 FEDORA-2009-3425 (java-1.6.0-openjdk)
File : nvt/fcore_2009_3425.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2982 (java-1.6.0-openjdk)
File : nvt/fcore_2009_2982.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2983 (java-1.6.0-openjdk)
File : nvt/fcore_2009_2983.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2970 (lcms)
File : nvt/fcore_2009_2970.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2928 (lcms)
File : nvt/fcore_2009_2928.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2910 (lcms)
File : nvt/fcore_2009_2910.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2903 (lcms)
File : nvt/fcore_2009_2903.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk)
File : nvt/fcore_2009_3034.nasl
2009-03-31 Name : Debian Security Advisory DSA 1745-2 (lcms)
File : nvt/deb_1745_2.nasl
2009-03-31 Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-03-31 Name : Debian Security Advisory DSA 1745-1 (lcms)
File : nvt/deb_1745_1.nasl
2009-03-20 Name : RedHat Security Advisory RHSA-2009:0339
File : nvt/RHSA_2009_0339.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-083-01 lcms
File : nvt/esoft_slk_ssa_2009_083_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56310 Little CMS (lcms) cmsxform.c Image Handling Monochrome Profile Transformation...

56309 Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow

56308 Little CMS (lcms) Image File Handling Unspecified Overflow

56307 Little CMS (lcms) Image File Handling Memory Exhaustion DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090319_lcms_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1043-1.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_liblcms-6048.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_lcms-090317.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12361.nasl - Type : ACT_GATHER_INFO
2009-08-31 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO
2009-08-31 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO
2009-05-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-121.nasl - Type : ACT_GATHER_INFO
2009-05-11 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3967.nasl - Type : ACT_GATHER_INFO
2009-05-11 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3914.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-744-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2903.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2970.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2982.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3426.nasl - Type : ACT_GATHER_INFO
2009-04-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-19.nasl - Type : ACT_GATHER_INFO
2009-04-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3425.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3034.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-01.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2983.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2928.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2910.nasl - Type : ACT_GATHER_INFO
2009-03-24 Name : The remote openSUSE host is missing a security update.
File : suse_liblcms-6049.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1745.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:19
  • Multiple Updates