what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2009-0723

Status Candidate

Overview

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Related Files

Mandriva Linux Security Advisory 2009-121
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little cms. This update provides fixes for these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793
SHA-256 | b1c96bf179cf7611ccb91e5558988d8123f8e22c2f03322a9e4e4aa0b1473f0c
Mandriva Linux Security Advisory 2009-162
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-162 - Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793, CVE-2006-2426, CVE-2009-0794, CVE-2009-1093, CVE-2009-1094, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1101, CVE-2009-1102
SHA-256 | 12c90d8e3f3b2b5d0ac1ba6b038027034171284bb4adfe356ea434f21d413ac8
Mandriva Linux Security Advisory 2009-137
Posted Jun 19, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-137 - Multiple security vulnerabilities has been identified and fixed in Little cms library embedded in OpenJDK. This update provides fixes for these issues. java-1.6.0-openjdk requires rhino packages and these has been further updated.

tags | advisory, java, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793, CVE-2006-2426, CVE-2009-0794, CVE-2009-1093, CVE-2009-1094, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1101, CVE-2009-1102
SHA-256 | f4b765dd3a8d255bd547e542daffc7433c55b00e65db844ce078a2a85ed532c1
Mandriva Linux Security Advisory 2009-121
Posted May 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability, memory leak
systems | linux, mandriva
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793
SHA-256 | 128b2e6b39bb8559db988ef3a065a0a1f8e056209cbe8d7fa77bda7e09b9db5f
Gentoo Linux Security Advisory 200904-19
Posted Apr 20, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200904-19 - Multiple errors in LittleCMS allow for attacks including the remote execution of arbitrary code. RedHat reported a null-pointer dereference flaw while processing monochrome ICC profiles. Chris Evans also discovered memory leaks, integer overflows, and stack-based overflows. Versions less than 1.18-r1 are affected.

tags | advisory, remote, overflow, arbitrary, memory leak
systems | linux, redhat, gentoo
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793
SHA-256 | e3539824a2eae5dbe90fe0fb63225c5786d23d1f68b49df72ee7465b5d262ae5
Debian Linux Security Advisory 1769-1
Posted Apr 14, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1769-1 - Several vulnerabilities have been identified in OpenJDK, an implementation of the Java SE platform.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2006-2426, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1101
SHA-256 | cd608fa6c076345b0a874fdfd34d8a9d0ee02a13f6ebd86be7fb0feca8715eb6
Debian Linux Security Advisory 1745-2
Posted Mar 25, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1745-2 - Several security issues have been discovered in lcms, a color management library. This update fixes a possible regression introduced in DSA-1745-1 and also enhances the security patch.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733
SHA-256 | c77800fadd6c284e42c35d6fcb110b184e99091d0e1d7a6cdfbdea548c3735e4
Ubuntu Security Notice 744-1
Posted Mar 24, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-744-1 - Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. Chris Evans discovered that LittleCMS contained multiple integer overflows. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges. Chris Evans discovered that LittleCMS did not properly perform bounds checking, leading to a buffer overflow. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, denial of service, overflow, arbitrary, memory leak
systems | linux, ubuntu
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733
SHA-256 | db36b43a201d232477811d11c433a2cf94eea4a5eb6830aac283817d353e0584
Open Source CERT Security Advisory 2009.3
Posted Mar 24, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

LittleCMS, an open source color management engine, suffers from several integer errors, resulting in stack based buffer overflows and various heap errors as well as dangerous memory leaks. Decoding a specially crafted image file will result in unexpected process termination, Denial Of Service conditions or arbitrary code execution due to stack overflow. Versions 1.17 and below are affected.

tags | advisory, denial of service, overflow, arbitrary, code execution, memory leak
advisories | CVE-2009-0723, CVE-2009-0581, CVE-2009-0733
SHA-256 | 5d153924342e064a181f332c2fe5c861183cf0ba99258a99b23ce5e1958ba492
Debian Linux Security Advisory 1745-1
Posted Mar 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1745-1 - Several security issues have been discovered in lcms, a color management library.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0581, CVE-2009-0723, CVE-2009-0733
SHA-256 | 31110b123b0825a468a3a51dc420b7290e8ab1d46c7813f631dd2b9caedc3d3d
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close