This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Littlecms
Product: Lcms
Version: 1.08
Type: Application
First view: 2007-05-17
Last view: 2009-03-23
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:littlecms:lcms

Activity : Overall

Related : CVE

Score Date Alert Description
9.3 2009-03-23 CVE-2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

9.3 2009-03-23 CVE-2009-0723

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

4.3 2009-03-23 CVE-2009-0581

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

10 2008-12-03 CVE-2008-5317

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

10 2008-12-03 CVE-2008-5316

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.

9.3 2007-05-17 CVE-2007-2741

Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

CWE : Common Weakness Enumeration

% id Name
50% (3) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33% (2) CWE-189 Numeric Errors
16% (1) CWE-399 Resource Management Errors

Open Source Vulnerability Database (OSVDB)

id Description
56309 Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow
56308 Little CMS (lcms) Image File Handling Unspecified Overflow
56307 Little CMS (lcms) Image File Handling Memory Exhaustion DoS
50584 Little CMS Color Engine (lcms) src/cmsgamma.c cmsAllocGamma Function Unspecif...
50583 Little CMS Color Engine (lcms) src/cmsio1.c ReadEmbeddedTextTag Function Over...
36179 Little CMS (lcms) ICC Profile Parsing Overflow

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2011-08-09 Name : CentOS Update for java CESA-2009:0377 centos5 i386
File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2011-08-09 Name : CentOS Update for lcms CESA-2009:0011 centos5 i386
File : nvt/gb_CESA-2009_0011_lcms_centos5_i386.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms)
File : nvt/mdksa_2009_121_1.nasl
2009-10-13 Name : SLES10: Security update for liblcms,liblcms-devel
File : nvt/sles10_liblcms0.nasl
2009-10-13 Name : SLES10: Security update for liblcms
File : nvt/sles10_liblcms.nasl
2009-10-11 Name : SLES11: Security update for lcms
File : nvt/sles11_lcms.nasl
2009-10-10 Name : SLES9: Security update for liblcms
File : nvt/sles9p5045880.nasl
2009-10-10 Name : SLES9: Security update for liblcms,liblcms-devel
File : nvt/sles9p5021001.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_162.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_137.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:121 (lcms)
File : nvt/mdksa_2009_121.nasl
2009-05-11 Name : Fedora Core 9 FEDORA-2009-3914 (lcms)
File : nvt/fcore_2009_3914.nasl
2009-05-11 Name : Fedora Core 10 FEDORA-2009-3967 (lcms)
File : nvt/fcore_2009_3967.nasl
2009-04-20 Name : Gentoo Security Advisory GLSA 200904-19 (littlecms)
File : nvt/glsa_200904_19.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0377
File : nvt/RHSA_2009_0377.nasl
2009-04-15 Name : Debian Security Advisory DSA 1769-1 (openjdk-6)
File : nvt/deb_1769_1.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_0377.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk)
File : nvt/fcore_2009_3034.nasl
2009-03-31 Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-03-31 Name : Debian Security Advisory DSA 1745-1 (lcms)
File : nvt/deb_1745_1.nasl
2009-03-31 Name : Debian Security Advisory DSA 1745-2 (lcms)
File : nvt/deb_1745_2.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2903 (lcms)
File : nvt/fcore_2009_2903.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2910 (lcms)
File : nvt/fcore_2009_2910.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-11.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0377.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0339.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0011.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090319_lcms_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090107_lcms_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-0011.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-0377.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_liblcms-6048.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_lcms-090317.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12361.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_11955.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_lcms-090309.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_java-1_6_0-openjdk-090312.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_lcms-090309.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_java-1_6_0-openjdk-090312.nasl - Type: ACT_GATHER_INFO
2009-06-21 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-137.nasl - Type: ACT_GATHER_INFO
2009-05-22 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-121.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-2970.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-744-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-693-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-652-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-2982.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-2903.nasl - Type: ACT_GATHER_INFO