Vulnerability Details : CVE-2009-0723
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2009-0723
Probability of exploitation activity in the next 30 days: 0.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-0723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-0723
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-0723
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
Broken Link
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
Broken Link
-
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:007 - openSUSE Security Announce - openSUSE Mailing ListsThird Party Advisory
-
http://www.debian.org/security/2009/dsa-1769
Third Party Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
Third Party Advisory
-
http://www.vupen.com/english/advisories/2009/0775
Broken Link
-
http://www.securitytracker.com/id?1021869
Broken Link;Third Party Advisory;VDB Entry
-
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/49326
Third Party Advisory;VDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
Third Party Advisory
-
http://www.ubuntu.com/usn/USN-744-1
Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2009-0339.html
Broken Link;Vendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
Third Party Advisory
-
http://www.ocert.org/advisories/ocert-2009-003.html
Third Party Advisory
-
http://scary.beasts.org/security/CESA-2009-003.html
Exploit
-
http://www.securityfocus.com/bid/34185
Broken Link;Patch;Third Party Advisory;VDB Entry
-
http://security.gentoo.org/glsa/glsa-200904-19.xml
Third Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780
Tool Signature
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
Third Party Advisory
-
http://www.securityfocus.com/archive/1/502031/100/0/threaded
Third Party Advisory;VDB Entry
-
https://rhn.redhat.com/errata/RHSA-2009-0377.html
Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
Broken Link
-
http://www.securityfocus.com/archive/1/502018/100/0/threaded
Third Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=487508
Issue Tracking;Third Party Advisory
-
http://www.debian.org/security/2009/dsa-1745
Third Party Advisory
Products affected by CVE-2009-0723
- cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms:*:*:*:*:*:*:*:*
- cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*