Lucene search

[email protected]CVE-2009-0793

HistoryApr 09, 2009 - 3:08 p.m.

CVE-2009-0793

2009-04-0915:08:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-0793

littlecms

lcms

liblcms

openjdk

remote code execution

denial of service

null pointer dereference

application crash

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for “transformations of monochrome profiles.”

CPENameOperatorVersion
sun:openjdksun openjdkeq6
littlecms:lcmslittlecms lcmseq1.18

CPE	Name	Operator	Version
sun:openjdk	sun openjdk	eq	6
littlecms:lcms	littlecms lcms	eq	1.18

References

secunia.com/advisories/34623

secunia.com/advisories/34632

secunia.com/advisories/34634

secunia.com/advisories/34635

secunia.com/advisories/34675

secunia.com/advisories/34782

secunia.com/advisories/35048

secunia.com/advisories/42870

security.gentoo.org/glsa/glsa-200904-19.xml

www.debian.org/security/2009/dsa-1769

www.mandriva.com/security/advisories?name=MDVSA-2009:121

www.mandriva.com/security/advisories?name=MDVSA-2009:137

www.mandriva.com/security/advisories?name=MDVSA-2009:162

www.securityfocus.com/bid/34411

www.securityfocus.com/bid/34420

www.ubuntu.com/usn/USN-1043-1

www.vupen.com/english/advisories/2009/0963

www.vupen.com/english/advisories/2009/0964

www.vupen.com/english/advisories/2011/0087

bugzilla.redhat.com/show_bug.cgi?id=492353

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11340

rhn.redhat.com/errata/RHSA-2009-0377.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html

www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg00233.html

www.redhat.com/archives/fedora-package-announce/2009-May/msg00285.html

6.5 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2009-0793

nessus14 prion1 veracode1 ubuntucve1 ubuntu1 openvas29 fedora4 securityvulns3 gentoo1 debian1 osv1 redhat1 oraclelinux1 centos1