CVE-2009-0723

Published: Mar 23, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Affected (4)

Products: Gimp: Gimp · Mozilla: Firefox · Sun: Openjdk · +1 more

Show all products

Gimp: Gimp · Mozilla: Firefox · Sun: Openjdk · Littlecms: Little Cms

1 product

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gimp Gimp	Before 2.9.2
Mozilla Firefox	Version 3.1 beta1
Sun Openjdk	Up to 7

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Littlecms Little Cms	Up to 1.17

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (82)

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

Source: cve@mitre.org

Third Party Advisory

http://scary.beasts.org/security/CESA-2009-003.html

Source: cve@mitre.org

Exploit

http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/34367

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34382

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34400

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34408

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34418

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34442

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34450

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34454

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34463

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34632

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34675

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34782

Source: cve@mitre.org

Broken Link

http://security.gentoo.org/glsa/glsa-200904-19.xml

Source: cve@mitre.org

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2009/dsa-1745

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2009/dsa-1769

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:121

Source: cve@mitre.org

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2009:137

Source: cve@mitre.org

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2009:162

Source: cve@mitre.org

Broken Link

http://www.ocert.org/advisories/ocert-2009-003.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-0339.html

Source: cve@mitre.org

Broken LinkVendor Advisory

http://www.securityfocus.com/archive/1/502018/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/502031/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/34185

Source: cve@mitre.org

Broken LinkPatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021869

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-744-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2009/0775

Source: cve@mitre.org

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=487508

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49326

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780

Source: cve@mitre.org

Tool Signature

https://rhn.redhat.com/errata/RHSA-2009-0377.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html

Source: cve@mitre.org

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html