9.3 - GLSA-200904-19

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	LittleCMS: Multiple vulnerabilities

Informations
Name	GLSA-200904-19	First vendor Publication	2009-04-19
Vendor	Gentoo	Last vendor Modification	2009-04-19
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple errors in LittleCMS allow for attacks including the remote execution of arbitrary code.

Background

LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox.

Description

RedHat reported a null-pointer dereference flaw while processing monochrome ICC profiles (CVE-2009-0793).

Chris Evans of Google discovered the following vulnerabilities:

* LittleCMS contains severe memory leaks (CVE-2009-0581).

* LittleCMS is prone to multiple integer overflows, leading to a heap-based buffer overflow (CVE-2009-0723).

* The ReadSetOfCurves() function is vulnerable to stack-based buffer overflows when called from code paths without a bounds check on channel counts (CVE-2009-0733).

Impact

A remote attacker could entice a user or automated system to open a specially crafted file containing a malicious ICC profile, possibly resulting in the execution of arbitrary code with the privileges of the user running the application or memory exhaustion, leading to a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All LittleCMS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/lcms-1.18-r1"

References

[ 1 ] CVE-2009-0581 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
[ 2 ] CVE-2009-0723 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
[ 3 ] CVE-2009-0733 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
[ 4 ] CVE-2009-0793 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200904-19.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200904-19.xml

CWE : Common Weakness Enumeration

%	Id	Name
25 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
25 %	CWE-401	Failure to Release Memory Before Removing Last Reference ('Memory Leak')
25 %	CWE-190	Integer Overflow or Wraparound (CWE/SANS Top 25)
25 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10023

Oval ID:	oval:org.mitre.oval:def:10023
Title:	Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Description:	Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0581	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-0.30.b09.el5 AND lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-0.30.b09.el5

Definition Id: oval:org.mitre.oval:def:11340

Oval ID:	oval:org.mitre.oval:def:11340
Title:	cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Description:	cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0793	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-0.30.b09.el5

Definition Id: oval:org.mitre.oval:def:11780

Oval ID:	oval:org.mitre.oval:def:11780
Title:	Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Description:	Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0723	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-0.30.b09.el5 AND lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-0.30.b09.el5

Definition Id: oval:org.mitre.oval:def:13131

Oval ID:	oval:org.mitre.oval:def:13131
Title:	USN-744-1 -- lcms vulnerabilities
Description:	Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges
Family:	unix	Class:	patch
Reference(s):	USN-744-1 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	5
Platform(s):	Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	lcms
Definition Synopsis:
Release section Ubuntu 7.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-5ubuntu3.2 AND python-liblcms DPKG is earlier than 1.16-5ubuntu3.2 AND liblcms-utils DPKG is earlier than 1.16-5ubuntu3.2 AND liblcms1 DPKG is earlier than 1.16-5ubuntu3.2 OR Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-7ubuntu1.2 AND python-liblcms DPKG is earlier than 1.16-7ubuntu1.2 AND liblcms-utils DPKG is earlier than 1.16-7ubuntu1.2 AND liblcms1 DPKG is earlier than 1.16-7ubuntu1.2 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.13-1ubuntu0.2 AND liblcms-utils DPKG is earlier than 1.13-1ubuntu0.2 AND liblcms1 DPKG is earlier than 1.13-1ubuntu0.2 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-10ubuntu0.2 AND python-liblcms DPKG is earlier than 1.16-10ubuntu0.2 AND liblcms-utils DPKG is earlier than 1.16-10ubuntu0.2 AND liblcms1 DPKG is earlier than 1.16-10ubuntu0.2

Definition Id: oval:org.mitre.oval:def:13518

Oval ID:	oval:org.mitre.oval:def:13518
Title:	USN-1043-1 -- lcms vulnerability
Description:	It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image
Family:	unix	Class:	patch
Reference(s):	USN-1043-1 CVE-2009-0793	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04	Product(s):	lcms
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.16-7ubuntu1.3 AND python-liblcms DPKG is earlier than 1.16-7ubuntu1.3 AND liblcms-utils DPKG is earlier than 1.16-7ubuntu1.3 AND liblcms1 DPKG is earlier than 1.16-7ubuntu1.3 OR Release section Ubuntu 10.10 is installed AND Supported architectures section Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.18.dfsg-1ubuntu2.10.10.1 AND liblcms1 DPKG is earlier than 1.18.dfsg-1ubuntu2.10.10.1 AND liblcms-utils DPKG is earlier than 1.18.dfsg-1ubuntu2.10.10.1 AND python-liblcms DPKG is earlier than 1.18.dfsg-1ubuntu2.10.10.1 OR Release section Ubuntu 9.10 is installed AND Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is armel AND Installed architecture is lpia AND Packages section liblcms1-dev DPKG is earlier than 1.18.dfsg-1ubuntu1.1 AND liblcms1 DPKG is earlier than 1.18.dfsg-1ubuntu1.1 AND liblcms-utils DPKG is earlier than 1.18.dfsg-1ubuntu1.1 AND python-liblcms DPKG is earlier than 1.18.dfsg-1ubuntu1.1 OR Release section Ubuntu 10.04 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section liblcms1-dev DPKG is earlier than 1.18.dfsg-1ubuntu2.10.04.1 AND python-liblcms DPKG is earlier than 1.18.dfsg-1ubuntu2.10.04.1 AND liblcms-utils DPKG is earlier than 1.18.dfsg-1ubuntu2.10.04.1 AND liblcms1 DPKG is earlier than 1.18.dfsg-1ubuntu2.10.04.1

Definition Id: oval:org.mitre.oval:def:13591

Oval ID:	oval:org.mitre.oval:def:13591
Title:	DSA-1745-2 lcms -- several vulnerabilities
Description:	This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch. For reference the original advisory text is below. Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities andi Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-gounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny2. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch3. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1745-2 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	lcms
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section liblcms1-dev DPKG is earlier than 1.17.dfsg-1+lenny2 AND liblcms1 DPKG is earlier than 1.17.dfsg-1+lenny2 AND liblcms-utils DPKG is earlier than 1.17.dfsg-1+lenny2 AND python-liblcms DPKG is earlier than 1.17.dfsg-1+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section liblcms1-dev DPKG is earlier than 1.15-1.1+etch3 AND liblcms-utils DPKG is earlier than 1.15-1.1+etch3 AND liblcms1 DPKG is earlier than 1.15-1.1+etch3

Definition Id: oval:org.mitre.oval:def:13746

Oval ID:	oval:org.mitre.oval:def:13746
Title:	DSA-1745-1 lcms -- several vulnerabilities
Description:	Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0581 Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. CVE-2009-0723 Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. CVE-2009-0733 Chris Evans discovered the lack of upper-gounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code. For the stable distribution, these problems have been fixed in version 1.17.dfsg-1+lenny1. For the oldstable distribution, these problems have been fixed in version 1.15-1.1+etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your lcms packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1745-1 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	lcms
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section liblcms1-dev DPKG is earlier than 1.17.dfsg-1+lenny1 AND liblcms1 DPKG is earlier than 1.17.dfsg-1+lenny1 AND liblcms-utils DPKG is earlier than 1.17.dfsg-1+lenny1 AND python-liblcms DPKG is earlier than 1.17.dfsg-1+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section liblcms1-dev DPKG is earlier than 1.15-1.1+etch2 AND liblcms-utils DPKG is earlier than 1.15-1.1+etch2 AND liblcms1 DPKG is earlier than 1.15-1.1+etch2

Definition Id: oval:org.mitre.oval:def:22595

Oval ID:	oval:org.mitre.oval:def:22595
Title:	ELSA-2009:0339: lcms security update (Moderate)
Description:	Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0339-01 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	lcms
Definition Synopsis:
Oracle Linux 5.x rpm test lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2

Definition Id: oval:org.mitre.oval:def:29236

Oval ID:	oval:org.mitre.oval:def:29236
Title:	RHSA-2009:0339 -- lcms security update (Moderate)
Description:	Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS) is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733)
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:0339 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	3
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	lcms
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2

Definition Id: oval:org.mitre.oval:def:7412

Oval ID:	oval:org.mitre.oval:def:7412
Title:	DSA-1745 lcms -- several vulnerabilities
Description:	Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-1745 CVE-2009-0581 CVE-2009-0723 CVE-2009-0733	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	lcms
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section liblcms1-dev is earlier than 1.17.dfsg-1+lenny1 AND liblcms1 is earlier than 1.17.dfsg-1+lenny1 AND liblcms-utils is earlier than 1.17.dfsg-1+lenny1 AND python-liblcms is earlier than 1.17.dfsg-1+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section liblcms1-dev is earlier than 1.15-1.1+etch2 AND liblcms-utils is earlier than 1.15-1.1+etch2 AND liblcms1 is earlier than 1.15-1.1+etch2

Definition Id: oval:org.mitre.oval:def:9742

Oval ID:	oval:org.mitre.oval:def:9742
Title:	Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Description:	Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0733	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section python-lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND lcms-devel is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-0.30.b09.el5 AND lcms is earlier than 0:1.18-0.1.beta1.el5_3.2 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-0.30.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-0.30.b09.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gimp cpe:2.3:a:gimp:gimp:2.8.22:::::::* cpe:2.3:a:gimp:gimp:2.8.2:::::::* cpe:2.3:a:gimp:gimp:2.6.9:::::::* cpe:2.3:a:gimp:gimp:2.6.8:::::::* cpe:2.3:a:gimp:gimp:2.6.7:::::::* cpe:2.3:a:gimp:gimp:2.6.6:::::::* cpe:2.3:a:gimp:gimp:2.6.5:::::::* cpe:2.3:a:gimp:gimp:2.6.4:::::::* cpe:2.3:a:gimp:gimp:2.6.3:::::::* cpe:2.3:a:gimp:gimp:2.6.2:::::::* cpe:2.3:a:gimp:gimp:2.6.13:::::::* cpe:2.3:a:gimp:gimp:2.6.12:::::::* cpe:2.3:a:gimp:gimp:2.6.11:::::::* cpe:2.3:a:gimp:gimp:2.6.10:::::::* cpe:2.3:a:gimp:gimp:2.6.1:::::::* cpe:2.3:a:gimp:gimp:2.6.0:::::::* cpe:2.3:a:gimp:gimp:2.4.7:::::::* cpe:2.3:a:gimp:gimp:2.4.6:::::::* cpe:2.3:a:gimp:gimp:2.4.5:::::::* cpe:2.3:a:gimp:gimp:2.4.4:::::::* cpe:2.3:a:gimp:gimp:2.4.3:::::::* cpe:2.3:a:gimp:gimp:2.4.2:::::::* cpe:2.3:a:gimp:gimp:2.4.1:::::::* cpe:2.3:a:gimp:gimp:2.4.0:::::::* cpe:2.3:a:gimp:gimp:2.2.4:::::::* cpe:2.3:a:gimp:gimp:2.2.3:::::::* cpe:2.3:a:gimp:gimp:2.2.14:::::::* cpe:2.3:a:gimp:gimp:2.2.13:::::::* cpe:2.3:a:gimp:gimp:2.2:::::::* cpe:2.3:a:gimp:gimp:2.0.5:::::::* cpe:2.3:a:gimp:gimp:2.0:::::::* cpe:2.3:a:gimp:gimp::::::::	32
Application	Littlecms Lcms cpe:2.3:a:littlecms:lcms:1.18:::::::*	1
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:3.1:beta1::::::	1
Application	Oracle Openjdk cpe:2.3:a:oracle:openjdk:7:-:::::: cpe:2.3:a:oracle:openjdk:7:update241:::::: cpe:2.3:a:oracle:openjdk:7:update80:::::: cpe:2.3:a:oracle:openjdk:7:update85:::::: cpe:2.3:a:oracle:openjdk:7:update1:::::: cpe:2.3:a:oracle:openjdk:7:update10:::::: cpe:2.3:a:oracle:openjdk:7:update101:::::: cpe:2.3:a:oracle:openjdk:7:update11:::::: cpe:2.3:a:oracle:openjdk:7:update111:::::: cpe:2.3:a:oracle:openjdk:7:update121:::::: cpe:2.3:a:oracle:openjdk:7:update13:::::: cpe:2.3:a:oracle:openjdk:7:update131:::::: cpe:2.3:a:oracle:openjdk:7:update141:::::: cpe:2.3:a:oracle:openjdk:7:update15:::::: cpe:2.3:a:oracle:openjdk:7:update151:::::: cpe:2.3:a:oracle:openjdk:7:update161:::::: cpe:2.3:a:oracle:openjdk:7:update17:::::: cpe:2.3:a:oracle:openjdk:7:update171:::::: cpe:2.3:a:oracle:openjdk:7:update181:::::: cpe:2.3:a:oracle:openjdk:7:update191:::::: cpe:2.3:a:oracle:openjdk:7:update2:::::: cpe:2.3:a:oracle:openjdk:7:update201:::::: cpe:2.3:a:oracle:openjdk:7:update21:::::: cpe:2.3:a:oracle:openjdk:7:update211:::::: cpe:2.3:a:oracle:openjdk:7:update221:::::: cpe:2.3:a:oracle:openjdk:7:update231:::::: cpe:2.3:a:oracle:openjdk:7:update25:::::: cpe:2.3:a:oracle:openjdk:7:update251:::::: cpe:2.3:a:oracle:openjdk:7:update3:::::: cpe:2.3:a:oracle:openjdk:7:update4:::::: cpe:2.3:a:oracle:openjdk:7:update40:::::: cpe:2.3:a:oracle:openjdk:7:update45:::::: cpe:2.3:a:oracle:openjdk:7:update5:::::: cpe:2.3:a:oracle:openjdk:7:update51:::::: cpe:2.3:a:oracle:openjdk:7:update55:::::: cpe:2.3:a:oracle:openjdk:7:update6:::::: cpe:2.3:a:oracle:openjdk:7:update60:::::: cpe:2.3:a:oracle:openjdk:7:update65:::::: cpe:2.3:a:oracle:openjdk:7:update67:::::: cpe:2.3:a:oracle:openjdk:7:update7:::::: cpe:2.3:a:oracle:openjdk:7:update72:::::: cpe:2.3:a:oracle:openjdk:7:update76:::::: cpe:2.3:a:oracle:openjdk:7:update9:::::: cpe:2.3:a:oracle:openjdk:7:update91:::::: cpe:2.3:a:oracle:openjdk:7:update95:::::: cpe:2.3:a:oracle:openjdk:7:update97:::::: cpe:2.3:a:oracle:openjdk:7:update99:::::: cpe:2.3:a:oracle:openjdk:7:update271:::::: cpe:2.3:a:oracle:openjdk:7:update281:::::: cpe:2.3:a:oracle:openjdk:7:update291:::::: cpe:2.3:a:oracle:openjdk:7:update261:::::: cpe:2.3:a:oracle:openjdk:7:update301:::::: cpe:2.3:a:oracle:openjdk:7:update311:::::: cpe:2.3:a:oracle:openjdk:7:update321:::::: cpe:2.3:a:oracle:openjdk:7:update351:::::: cpe:2.3:a:oracle:openjdk:7:update331:::::: cpe:2.3:a:oracle:openjdk:1.8.0:::::::* cpe:2.3:a:oracle:openjdk:1.7.0:::::::* cpe:2.3:a:oracle:openjdk:1.7.0:-:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update9:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update10:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.7.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:::::::* cpe:2.3:a:oracle:openjdk:1.6.0:update34:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update35:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update37:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update38:::::: cpe:2.3:a:oracle:openjdk:1.6.0:-:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update2:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update3:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update4:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update5:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update6:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update7:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update11:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update12:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update13:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update14:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update15:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update16:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update17:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update18:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update19:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update20:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update21:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update22:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update23:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update24:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update25:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update26:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update27:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update29:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update30:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update31:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update32:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update33:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update1:::::: cpe:2.3:a:oracle:openjdk:1.6.0:update10:::::: cpe:2.3:a:oracle:openjdk:::::::: cpe:2.3:a:oracle:openjdk:-:::::::*	108
Application	Sun Openjdk cpe:2.3:a:sun:openjdk:7:::::::* cpe:2.3:a:sun:openjdk:6:::::::* cpe:2.3:a:sun:openjdk:1.6.0.0:::::::* cpe:2.3:a:sun:openjdk::::::::	4

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for java CESA-2009:0377 centos5 i386 File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2011-01-14	Name : Ubuntu Update for lcms vulnerability USN-1043-1 File : nvt/gb_ubuntu_USN_1043_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms) File : nvt/mdksa_2009_121_1.nasl
2009-10-13	Name : SLES10: Security update for liblcms File : nvt/sles10_liblcms.nasl
2009-10-11	Name : SLES11: Security update for lcms File : nvt/sles11_lcms.nasl
2009-10-10	Name : SLES9: Security update for liblcms File : nvt/sles9p5045880.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk) File : nvt/mdksa_2009_162.nasl
2009-06-23	Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk) File : nvt/mdksa_2009_137.nasl
2009-06-05	Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl
2009-06-05	Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl
2009-06-05	Name : Mandrake Security Advisory MDVSA-2009:121 (lcms) File : nvt/mdksa_2009_121.nasl
2009-05-11	Name : Fedora Core 9 FEDORA-2009-3914 (lcms) File : nvt/fcore_2009_3914.nasl
2009-05-11	Name : Fedora Core 10 FEDORA-2009-3967 (lcms) File : nvt/fcore_2009_3967.nasl
2009-04-20	Name : Gentoo Security Advisory GLSA 200904-19 (littlecms) File : nvt/glsa_200904_19.nasl
2009-04-15	Name : Fedora Core 10 FEDORA-2009-3426 (java-1.6.0-openjdk) File : nvt/fcore_2009_3426.nasl
2009-04-15	Name : RedHat Security Advisory RHSA-2009:0377 File : nvt/RHSA_2009_0377.nasl
2009-04-15	Name : Debian Security Advisory DSA 1769-1 (openjdk-6) File : nvt/deb_1769_1.nasl
2009-04-15	Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk) File : nvt/ovcesa2009_0377.nasl
2009-04-15	Name : Fedora Core 9 FEDORA-2009-3425 (java-1.6.0-openjdk) File : nvt/fcore_2009_3425.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2982 (java-1.6.0-openjdk) File : nvt/fcore_2009_2982.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2983 (java-1.6.0-openjdk) File : nvt/fcore_2009_2983.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2970 (lcms) File : nvt/fcore_2009_2970.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2928 (lcms) File : nvt/fcore_2009_2928.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-2910 (lcms) File : nvt/fcore_2009_2910.nasl
2009-03-31	Name : Fedora Core 10 FEDORA-2009-2903 (lcms) File : nvt/fcore_2009_2903.nasl
2009-03-31	Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk) File : nvt/fcore_2009_3034.nasl
2009-03-31	Name : Debian Security Advisory DSA 1745-2 (lcms) File : nvt/deb_1745_2.nasl
2009-03-31	Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl
2009-03-31	Name : Debian Security Advisory DSA 1745-1 (lcms) File : nvt/deb_1745_1.nasl
2009-03-20	Name : RedHat Security Advisory RHSA-2009:0339 File : nvt/RHSA_2009_0339.nasl
0000-00-00	Name : Slackware Advisory SSA:2009-083-01 lcms File : nvt/esoft_slk_ssa_2009_083_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
56310	Little CMS (lcms) cmsxform.c Image Handling Monochrome Profile Transformation...
56309	Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow
56308	Little CMS (lcms) Image File Handling Unspecified Overflow
56307	Little CMS (lcms) Image File Handling Memory Exhaustion DoS

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090319_lcms_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-13	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1043-1.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_liblcms-6048.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_lcms-090317.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12361.nasl - Type : ACT_GATHER_INFO
2009-08-31	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090827.nasl - Type : ACT_GATHER_INFO
2009-08-31	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090826.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_lcms-090309.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090312.nasl - Type : ACT_GATHER_INFO
2009-06-21	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO
2009-05-22	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-121.nasl - Type : ACT_GATHER_INFO
2009-05-11	Name : The remote Fedora host is missing a security update. File : fedora_2009-3967.nasl - Type : ACT_GATHER_INFO
2009-05-11	Name : The remote Fedora host is missing a security update. File : fedora_2009-3914.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-744-1.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2903.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2970.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-2982.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-3426.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-19.nasl - Type : ACT_GATHER_INFO
2009-04-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO
2009-04-08	Name : The remote Fedora host is missing a security update. File : fedora_2009-3425.nasl - Type : ACT_GATHER_INFO
2009-04-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-03-27	Name : The remote Fedora host is missing a security update. File : fedora_2009-3034.nasl - Type : ACT_GATHER_INFO
2009-03-25	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-01.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-2983.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-2928.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote Fedora host is missing a security update. File : fedora_2009-2910.nasl - Type : ACT_GATHER_INFO
2009-03-24	Name : The remote openSUSE host is missing a security update. File : suse_liblcms-6049.nasl - Type : ACT_GATHER_INFO
2009-03-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0339.nasl - Type : ACT_GATHER_INFO
2009-03-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1745.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:36:31	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	4
Oval ID(s)	11
CPE ID(s)	146
osvdb(s)	4
Openvas Exploit(s)	31
Nessus® Exploit(s)	35

	Related
9.3	CVE-2009-0733
9.3	CVE-2009-0723
4.3	CVE-2009-0793
4.3	CVE-2009-0581
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)