Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities by littlecms
CVE-2026-42798 (GCVE-0-2026-42798)
Vulnerability from cvelistv5 – Published: 2026-04-30 06:34 – Updated: 2026-04-30 12:57
VLAI
Summary
Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| littlecms | little cms color engine |
Affected:
2.16 , < 2.19
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T12:57:05.867260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T12:57:14.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "little cms color engine",
"vendor": "littlecms",
"versions": [
{
"lessThan": "2.19",
"status": "affected",
"version": "2.16",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.19",
"versionStartIncluding": "2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T06:49:45.780Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mm2/Little-CMS/commit/6a686019825a89b715d16671f18d049523354176"
},
{
"url": "https://github.com/mm2/Little-CMS/compare/lcms2.18...lcms2.19"
},
{
"url": "https://www.openwall.com/lists/oss-security/2026/04/30/8"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-42798",
"datePublished": "2026-04-30T06:34:13.323Z",
"dateReserved": "2026-04-30T06:34:12.814Z",
"dateUpdated": "2026-04-30T12:57:14.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41254 (GCVE-0-2026-41254)
Vulnerability from cvelistv5 – Published: 2026-04-18 06:43 – Updated: 2026-05-07 17:33
VLAI
Summary
Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-696 - Incorrect Behavior Order
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| littlecms | little cms color engine |
Affected:
0 , ≤ 2.18
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T16:09:17.782302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T16:09:45.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-07T17:33:56.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "little cms color engine",
"vendor": "littlecms",
"versions": [
{
"lessThanOrEqual": "2.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696 Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-18T06:43:42.580Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0"
},
{
"url": "https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc"
},
{
"url": "https://www.openwall.com/lists/oss-security/2026/04/17/16"
},
{
"url": "https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq"
},
{
"url": "https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-41254",
"datePublished": "2026-04-18T06:43:13.741Z",
"dateReserved": "2026-04-18T06:43:13.323Z",
"dateUpdated": "2026-05-07T17:33:56.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-16435 (GCVE-0-2018-16435)
Vulnerability from cvelistv5 – Published: 2018-09-04 00:00 – Updated: 2024-08-05 10:24
VLAI
Summary
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3770-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/3770-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://access.redhat.com/errata/RHSA-2018:3004 | vendor-advisoryx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://github.com/mm2/Little-CMS/issues/171 | x_refsource_MISC |
| https://www.debian.org/security/2018/dsa-4284 | vendor-advisoryx_refsource_DEBIAN |
| https://github.com/mm2/Little-CMS/commit/768f70ca… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202105-18 | vendor-advisoryx_refsource_GENTOO |
Date Public
2018-09-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3770-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "USN-3770-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2018:3004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/issues/171"
},
{
"name": "DSA-4284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"
},
{
"name": "GLSA-202105-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T10:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3770-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "USN-3770-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2018:3004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mm2/Little-CMS/issues/171"
},
{
"name": "DSA-4284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"
},
{
"name": "GLSA-202105-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3770-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "USN-3770-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"
},
{
"name": "https://github.com/mm2/Little-CMS/issues/171",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/issues/171"
},
{
"name": "DSA-4284",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4284"
},
{
"name": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"
},
{
"name": "GLSA-202105-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16435",
"datePublished": "2018-09-04T00:00:00.000Z",
"dateReserved": "2018-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11555 (GCVE-0-2018-11555)
Vulnerability from cvelistv5 – Published: 2018-05-30 04:00 – Updated: 2024-08-05 08:10 Disputed
VLAI
Summary
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mm2/Little-CMS/issues/167 | x_refsource_MISC |
| https://github.com/xiaoqx/pocs/tree/master/cms | x_refsource_MISC |
Date Public
2018-05-29 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-11555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T19:28:53.175323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:29:07.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-18T20:35:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mm2/Little-CMS/issues/167",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"name": "https://github.com/xiaoqx/pocs/tree/master/cms",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11555",
"datePublished": "2018-05-30T04:00:00.000Z",
"dateReserved": "2018-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:10:14.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11556 (GCVE-0-2018-11556)
Vulnerability from cvelistv5 – Published: 2018-05-30 04:00 – Updated: 2024-08-05 08:10 Disputed
VLAI
Summary
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mm2/Little-CMS/issues/167 | x_refsource_MISC |
| https://github.com/xiaoqx/pocs/tree/master/cms | x_refsource_MISC |
Date Public
2018-05-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-18T20:36:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mm2/Little-CMS/issues/167",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"name": "https://github.com/xiaoqx/pocs/tree/master/cms",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11556",
"datePublished": "2018-05-30T04:00:00.000Z",
"dateReserved": "2018-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:10:14.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10165 (GCVE-0-2016-10165)
Vulnerability from cvelistv5 – Published: 2017-02-03 19:00 – Updated: 2024-08-06 03:14
VLAI
Summary
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
19 references
Date Public
2017-01-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3770-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "DSA-3774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3774"
},
{
"name": "RHSA-2016:2079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
},
{
"name": "USN-3770-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2017:3267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3267"
},
{
"name": "RHSA-2017:3268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html"
},
{
"name": "95808",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95808"
},
{
"name": "1039596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "RHSA-2017:3264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3264"
},
{
"name": "[oss-security] 20170125 Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/14"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "[oss-security] 20170125 Re: CVE MLIST:[oss-security] 20170123 CVE request: lcms2 heap OOB read parsing crafted ICC profile",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/1"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2"
},
{
"name": "RHSA-2016:2658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-21T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3770-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "DSA-3774",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3774"
},
{
"name": "RHSA-2016:2079",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
},
{
"name": "USN-3770-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2017:3267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3267"
},
{
"name": "RHSA-2017:3268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html"
},
{
"name": "95808",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95808"
},
{
"name": "1039596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "RHSA-2017:3264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3264"
},
{
"name": "[oss-security] 20170125 Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/14"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "[oss-security] 20170125 Re: CVE MLIST:[oss-security] 20170123 CVE request: lcms2 heap OOB read parsing crafted ICC profile",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/1"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2"
},
{
"name": "RHSA-2016:2658",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3770-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"name": "DSA-3774",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3774"
},
{
"name": "RHSA-2016:2079",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2079.html"
},
{
"name": "USN-3770-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3770-1/"
},
{
"name": "RHSA-2017:3267",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3267"
},
{
"name": "RHSA-2017:3268",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3268"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html"
},
{
"name": "95808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95808"
},
{
"name": "1039596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "RHSA-2017:3264",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3264"
},
{
"name": "[oss-security] 20170125 Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/14"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "[oss-security] 20170125 Re: CVE MLIST:[oss-security] 20170123 CVE request: lcms2 heap OOB read parsing crafted ICC profile",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/1"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2",
"refsource": "CONFIRM",
"url": "https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2"
},
{
"name": "RHSA-2016:2658",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2658.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10165",
"datePublished": "2017-02-03T19:00:00.000Z",
"dateReserved": "2017-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7455 (GCVE-0-2013-7455)
Vulnerability from cvelistv5 – Published: 2016-05-07 10:00 – Updated: 2024-08-06 18:09
VLAI
Summary
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://penteston.com/OSVDB-105462 | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2961-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.kb.cert.org/vuls/id/369800 | third-party-advisoryx_refsource_CERT-VN |
| https://github.com/mm2/Little-CMS/commit/fefaaa43… | x_refsource_CONFIRM |
Date Public
2013-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://penteston.com/OSVDB-105462"
},
{
"name": "USN-2961-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2961-1"
},
{
"name": "VU#369800",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/369800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://penteston.com/OSVDB-105462"
},
{
"name": "USN-2961-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2961-1"
},
{
"name": "VU#369800",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/369800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-7455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://penteston.com/OSVDB-105462",
"refsource": "MISC",
"url": "https://penteston.com/OSVDB-105462"
},
{
"name": "USN-2961-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2961-1"
},
{
"name": "VU#369800",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/369800"
},
{
"name": "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db",
"refsource": "CONFIRM",
"url": "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-7455",
"datePublished": "2016-05-07T10:00:00.000Z",
"dateReserved": "2016-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:16.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4160 (GCVE-0-2013-4160)
Vulnerability from cvelistv5 – Published: 2014-01-21 18:00 – Updated: 2024-08-06 16:30
VLAI
Summary
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://openwall.com/lists/oss-security/2013/07/18/7 | mailing-listx_refsource_MLIST |
| http://mail.openjdk.java.net/pipermail/distro-pkg… | mailing-listx_refsource_MLIST |
| http://www.ubuntu.com/usn/USN-1911-1 | vendor-advisoryx_refsource_UBUNTU |
| https://github.com/mm2/Little-CMS/commit/91c2db7f… | x_refsource_MISC |
| https://bugzilla.novell.com/show_bug.cgi?id=826097#c9 | x_refsource_MISC |
| http://openwall.com/lists/oss-security/2013/07/22/1 | mailing-listx_refsource_MLIST |
Date Public
2013-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130718 CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/07/18/7"
},
{
"name": "[distro-pkg-dev] 20130708 [SECURITY] IcedTea 2.4.1 for OpenJDK 7 Released!",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html"
},
{
"name": "USN-1911-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1911-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9"
},
{
"name": "[oss-security] 20130722 Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/07/22/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-21T17:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130718 CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/07/18/7"
},
{
"name": "[distro-pkg-dev] 20130708 [SECURITY] IcedTea 2.4.1 for OpenJDK 7 Released!",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html"
},
{
"name": "USN-1911-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1911-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9"
},
{
"name": "[oss-security] 20130722 Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/07/22/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130718 CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/07/18/7"
},
{
"name": "[distro-pkg-dev] 20130708 [SECURITY] IcedTea 2.4.1 for OpenJDK 7 Released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html"
},
{
"name": "USN-1911-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1911-1"
},
{
"name": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9"
},
{
"name": "[oss-security] 20130722 Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/07/22/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4160",
"datePublished": "2014-01-21T18:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:50.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4276 (GCVE-0-2013-4276)
Vulnerability from cvelistv5 – Published: 2013-09-28 19:00 – Updated: 2024-08-06 16:38
VLAI
Summary
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3770-2/ | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.redhat.com/show_bug.cgi?id=992975 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/61607 | vdb-entryx_refsource_BID |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-1… | vendor-advisoryx_refsource_SUSE |
| https://bugzilla.redhat.com/show_bug.cgi?id=991757 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2013-1… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2013/08/22/3 | mailing-listx_refsource_MLIST |
Date Public
2013-08-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3770-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=992975"
},
{
"name": "61607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682"
},
{
"name": "openSUSE-SU-2013:1560",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=991757"
},
{
"name": "openSUSE-SU-2013:1547",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00021.html"
},
{
"name": "[oss-security] 20130822 Re: CVE request: lcms 1.x buffer overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-21T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3770-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3770-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=992975"
},
{
"name": "61607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682"
},
{
"name": "openSUSE-SU-2013:1560",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=991757"
},
{
"name": "openSUSE-SU-2013:1547",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00021.html"
},
{
"name": "[oss-security] 20130822 Re: CVE request: lcms 1.x buffer overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/08/22/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4276",
"datePublished": "2013-09-28T19:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:38:01.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0793 (GCVE-0-2009-0793)
Vulnerability from cvelistv5 – Published: 2009-04-09 15:00 – Updated: 2024-08-07 04:48
VLAI
Summary
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
Date Public
2009-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34635"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "FEDORA-2009-3914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00233.html"
},
{
"name": "34623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34623"
},
{
"name": "USN-1043-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1043-1"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "ADV-2009-0964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0964"
},
{
"name": "35048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35048"
},
{
"name": "FEDORA-2009-3426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "ADV-2011-0087",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0087"
},
{
"name": "oval:org.mitre.oval:def:11340",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11340"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "FEDORA-2009-3425",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html"
},
{
"name": "34411",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"name": "34420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34420"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "ADV-2009-0963",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0963"
},
{
"name": "FEDORA-2009-3967",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00285.html"
},
{
"name": "34634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34634"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "42870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42870"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for \"transformations of monochrome profiles.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34635",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34635"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "FEDORA-2009-3914",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00233.html"
},
{
"name": "34623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34623"
},
{
"name": "USN-1043-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1043-1"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "ADV-2009-0964",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0964"
},
{
"name": "35048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35048"
},
{
"name": "FEDORA-2009-3426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "ADV-2011-0087",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0087"
},
{
"name": "oval:org.mitre.oval:def:11340",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11340"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "FEDORA-2009-3425",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html"
},
{
"name": "34411",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492353"
},
{
"name": "34420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34420"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "ADV-2009-0963",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0963"
},
{
"name": "FEDORA-2009-3967",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00285.html"
},
{
"name": "34634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34634"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "42870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42870"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0793",
"datePublished": "2009-04-09T15:00:00.000Z",
"dateReserved": "2009-03-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:48:51.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0723 (GCVE-0-2009-0723)
Vulnerability from cvelistv5 – Published: 2009-03-23 14:00 – Updated: 2024-08-07 04:48
VLAI
Summary
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
41 references
Date Public
2009-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-2970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "littlecms-unspecified-bo(49326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "ADV-2009-0775",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34400"
},
{
"name": "oval:org.mitre.oval:def:11780",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "34185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-2970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "littlecms-unspecified-bo(49326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "ADV-2009-0775",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34400"
},
{
"name": "oval:org.mitre.oval:def:11780",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "34185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-2970",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"name": "http://scary.beasts.org/security/CESA-2009-003.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "littlecms-unspecified-bo(49326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49326"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=487508",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2009-003.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "ADV-2009-0775",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34400"
},
{
"name": "oval:org.mitre.oval:def:11780",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780"
},
{
"name": "MDVSA-2009:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "34185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0723",
"datePublished": "2009-03-23T14:00:00.000Z",
"dateReserved": "2009-02-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:48:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0733 (GCVE-0-2009-0733)
Vulnerability from cvelistv5 – Published: 2009-03-23 14:00 – Updated: 2024-08-07 04:48
VLAI
Summary
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
41 references
Date Public
2009-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-2970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "littlecms-readsetofcurves-bo(49330)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"name": "ADV-2009-0775",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34400"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "oval:org.mitre.oval:def:9742",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742"
},
{
"name": "34185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2009-2970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "littlecms-readsetofcurves-bo(49330)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"name": "ADV-2009-0775",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34400"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "oval:org.mitre.oval:def:9742",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742"
},
{
"name": "34185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-2970",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "littlecms-readsetofcurves-bo(49330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"name": "http://scary.beasts.org/security/CESA-2009-003.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2009-003.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=487512",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
},
{
"name": "ADV-2009-0775",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34400"
},
{
"name": "MDVSA-2009:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "oval:org.mitre.oval:def:9742",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742"
},
{
"name": "34185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0733",
"datePublished": "2009-03-23T14:00:00.000Z",
"dateReserved": "2009-02-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:48:51.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0581 (GCVE-0-2009-0581)
Vulnerability from cvelistv5 – Published: 2009-03-23 14:00 – Updated: 2024-08-07 04:40
VLAI
Summary
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
41 references
Date Public
2009-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:04.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2009-2970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34450"
},
{
"name": "FEDORA-2009-2928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "littlecms-unspecified-dos(49328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"
},
{
"name": "34454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34454"
},
{
"name": "1021870",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021870"
},
{
"name": "34442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "ADV-2009-0775",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34400"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"name": "FEDORA-2009-2910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "oval:org.mitre.oval:def:10023",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"
},
{
"name": "34185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2009-2970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "MDVSA-2009:137",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34450"
},
{
"name": "FEDORA-2009-2928",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34675"
},
{
"name": "littlecms-unspecified-dos(49328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"
},
{
"name": "34454",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34454"
},
{
"name": "1021870",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021870"
},
{
"name": "34442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.487438"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "ADV-2009-0775",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34400"
},
{
"name": "MDVSA-2009:121",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"
},
{
"name": "FEDORA-2009-2910",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "oval:org.mitre.oval:def:10023",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"
},
{
"name": "34185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0581",
"datePublished": "2009-03-23T14:00:00.000Z",
"dateReserved": "2009-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:04.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5316 (GCVE-0-2008-5316)
Vulnerability from cvelistv5 – Published: 2008-12-03 17:00 – Updated: 2024-08-07 10:49
VLAI
Summary
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32708 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/33066 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2008/dsa-1684 | vendor-advisoryx_refsource_DEBIAN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.openwall.com/lists/oss-security/2008/11/28/3 | mailing-listx_refsource_MLIST |
| http://www.redhat.com/support/errata/RHSA-2009-00… | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33\u0026r2=1.34"
},
{
"name": "32708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33066"
},
{
"name": "DSA-1684",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"name": "oval:org.mitre.oval:def:10531",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10531"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "RHSA-2009:0011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "lcms-readembeddedtexttag-bo(47119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of \"the input file,\" a different vulnerability than CVE-2007-2741."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33\u0026r2=1.34"
},
{
"name": "32708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33066"
},
{
"name": "DSA-1684",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"name": "oval:org.mitre.oval:def:10531",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10531"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "RHSA-2009:0011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "lcms-readembeddedtexttag-bo(47119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of \"the input file,\" a different vulnerability than CVE-2007-2741."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33\u0026r2=1.34",
"refsource": "CONFIRM",
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33\u0026r2=1.34"
},
{
"name": "32708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33066"
},
{
"name": "DSA-1684",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"name": "oval:org.mitre.oval:def:10531",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10531"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "RHSA-2009:0011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "lcms-readembeddedtexttag-bo(47119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5316",
"datePublished": "2008-12-03T17:00:00.000Z",
"dateReserved": "2008-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5317 (GCVE-0-2008-5317)
Vulnerability from cvelistv5 – Published: 2008-12-03 17:00 – Updated: 2024-08-07 10:49
VLAI
Summary
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/33219 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/32708 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/33066 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.debian.org/security/2008/dsa-1684 | vendor-advisoryx_refsource_DEBIAN |
| http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/11/28/3 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.redhat.com/support/errata/RHSA-2009-00… | vendor-advisoryx_refsource_REDHAT |
| https://usn.ubuntu.com/693-1/ | vendor-advisoryx_refsource_UBUNTU |
Date Public
2008-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33219"
},
{
"name": "32708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33066"
},
{
"name": "oval:org.mitre.oval:def:10685",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10685"
},
{
"name": "DSA-1684",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff\u0026r1=1.16\u0026r2=1.17"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "lcms-cmsallocgamma-bo(47120)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47120"
},
{
"name": "RHSA-2009:0011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "USN-693-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/693-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain \"number of entries\" value, which is interpreted improperly, leading to an allocation of insufficient memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33219"
},
{
"name": "32708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33066"
},
{
"name": "oval:org.mitre.oval:def:10685",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10685"
},
{
"name": "DSA-1684",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff\u0026r1=1.16\u0026r2=1.17"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "lcms-cmsallocgamma-bo(47120)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47120"
},
{
"name": "RHSA-2009:0011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "USN-693-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/693-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain \"number of entries\" value, which is interpreted improperly, leading to an allocation of insufficient memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33219"
},
{
"name": "32708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33066"
},
{
"name": "oval:org.mitre.oval:def:10685",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10685"
},
{
"name": "DSA-1684",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"name": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff\u0026r1=1.16\u0026r2=1.17",
"refsource": "CONFIRM",
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff\u0026r1=1.16\u0026r2=1.17"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "lcms-cmsallocgamma-bo(47120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47120"
},
{
"name": "RHSA-2009:0011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "USN-693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/693-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5317",
"datePublished": "2008-12-03T17:00:00.000Z",
"dateReserved": "2008-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2741 (GCVE-0-2007-2741)
Vulnerability from cvelistv5 – Published: 2007-05-17 19:00 – Updated: 2024-08-07 13:49
VLAI
Summary
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://osvdb.org/36179 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/1837 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/32282 | third-party-advisoryx_refsource_SECUNIA |
| http://www.ubuntu.com/usn/usn-652-1 | vendor-advisoryx_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/27756 | third-party-advisoryx_refsource_SECUNIA |
| http://scary.beasts.org/security/CESA-2007-001.html | x_refsource_MISC |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://secunia.com/advisories/25294 | third-party-advisoryx_refsource_SECUNIA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/bid/24001 | vdb-entryx_refsource_BID |
Date Public
2007-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:49:57.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36179"
},
{
"name": "ADV-2007-1837",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1837"
},
{
"name": "32282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32282"
},
{
"name": "USN-652-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-652-1"
},
{
"name": "littlecms-iccprofile-bo(34331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34331"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2007-001.html"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "25294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25294"
},
{
"name": "MDKSA-2007:238",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:238"
},
{
"name": "24001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36179"
},
{
"name": "ADV-2007-1837",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1837"
},
{
"name": "32282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32282"
},
{
"name": "USN-652-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-652-1"
},
{
"name": "littlecms-iccprofile-bo(34331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34331"
},
{
"name": "27756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2007-001.html"
},
{
"name": "SUSE-SR:2007:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "25294",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25294"
},
{
"name": "MDKSA-2007:238",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:238"
},
{
"name": "24001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36179",
"refsource": "OSVDB",
"url": "http://osvdb.org/36179"
},
{
"name": "ADV-2007-1837",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1837"
},
{
"name": "32282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32282"
},
{
"name": "USN-652-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-652-1"
},
{
"name": "littlecms-iccprofile-bo(34331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34331"
},
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "http://scary.beasts.org/security/CESA-2007-001.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2007-001.html"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "25294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25294"
},
{
"name": "MDKSA-2007:238",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:238"
},
{
"name": "24001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2741",
"datePublished": "2007-05-17T19:00:00.000Z",
"dateReserved": "2007-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:49:57.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}