Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1745-1
HistoryMar 20, 2009 - 12:00 a.m.

lcms - arbitrary code execution

2009-03-2000:00:00
Google
osv.dev
9

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

72.9%

JSON

Several security issues have been discovered in lcms, a color management
library. The Common Vulnerabilities and Exposures project identifies
the following problems:

  • CVE-2009-0581
    Chris Evans discovered that lcms is affected by a memory leak, which
    could result in a denial of service via specially crafted image files.
  • CVE-2009-0723
    Chris Evans discovered that lcms is prone to several integer overflows
    via specially crafted image files, which could lead to the execution of
    arbitrary code.
  • CVE-2009-0733
    Chris Evans discovered the lack of upper-bounds check on sizes leading
    to a buffer overflow, which could be used to execute arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1.17.dfsg-1+lenny1.

For the oldstable distribution (etch), these problems have been fixed
in version 1.15-1.1+etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your lcms packages.

CPENameOperatorVersion
lcmseq1.17.dfsg-1

Related

openvas 57
nessus 28
debian 3
seebug 1
fedora 9
ubuntu 1
oraclelinux 2
slackware 1
redhat 2
securityvulns 3
gentoo 1
ubuntucve 3
veracode 3
prion 3
cve 3
osv 1
centos 1
openvas
openvas
Debian Security Advisory DSA 1745-1 (lcms)
2009-03-31 00:00:00
Slackware Advisory SSA:2009-083-01 lcms
2012-09-11 00:00:00
Fedora Core 10 FEDORA-2009-2970 (lcms)
2009-03-31 00:00:00
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : lcms (SSA:2009-083-01)
2009-03-25 00:00:00
Fedora 10 : lcms-1.18-1.fc10 (2009-2903)
2009-04-23 00:00:00
SuSE9 Security Update : liblcms (YOU Patch Number 12361)
2009-09-24 00:00:00
debian
debian
[SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution
2009-03-20 09:16:54
[SECURITY] [DSA 1745-2] New lcms packages fix regression
2009-03-25 11:32:18
[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution
2009-04-11 14:38:24
seebug
seebug
Little CMSε†…ε­˜ζ³„ιœ²εŠζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-03-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: lcms-1.18-1.fc10
2009-03-23 15:53:15
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-11.b14.fc10
2009-03-24 05:31:44
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9
2009-03-25 16:13:51
ubuntu
ubuntu
LittleCMS vulnerabilities
2009-03-23 00:00:00
oraclelinux
oraclelinux
lcms security update
2009-03-19 00:00:00
java-1.6.0-openjdk security update
2009-04-07 00:00:00
slackware
slackware
lcms
2009-03-24 16:43:23
redhat
redhat
(RHSA-2009:0339) Moderate: lcms security update
2009-03-19 00:00:00
(RHSA-2009:0377) Important: java-1.6.0-openjdk security update
2009-04-07 00:00:00
securityvulns
securityvulns
lcms multiple security vulnerabilities
2009-05-25 00:00:00
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
2009-04-20 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-04-20 00:00:00
gentoo
gentoo
LittleCMS: Multiple vulnerabilities
2009-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-0733
2009-03-23 00:00:00
CVE-2009-0581
2009-03-23 00:00:00
CVE-2009-0723
2009-03-23 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:32
Denial Of Service (DoS)
2020-04-10 00:30:31
Arbitrary Code Execution
2020-04-10 00:30:32
prion
prion
Memory corruption
2009-03-23 14:19:00
Stack overflow
2009-03-23 14:19:00
Integer overflow
2009-03-23 14:19:00
cve
cve
CVE-2009-0581
2009-03-23 14:19:00
CVE-2009-0733
2009-03-23 14:19:00
CVE-2009-0723
2009-03-23 14:19:00
osv
osv
openjdk-6 - arbitrary code execution
2009-04-11 00:00:00
centos
centos
java security update
2009-04-08 11:56:07

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

72.9%

JSON
Related for OSV:DSA-1745-1
openvas57nessus28debian3seebug1fedora9ubuntu1oraclelinux2slackware1redhat2securityvulns3gentoo1ubuntucve3veracode3prion3cve3osv1centos1