Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-744-1
HistoryMar 23, 2009 - 12:00 a.m.

LittleCMS vulnerabilities

2009-03-2300:00:00
ubuntu.com
33

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.1%

JSON

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 6.06

Packages

  • lcms -

Details

Chris Evans discovered that LittleCMS did not properly handle certain error
conditions, resulting in a large memory leak. If a user or automated system
were tricked into processing an image with malicious ICC tags, a remote
attacker could cause a denial of service. (CVE-2009-0581)

Chris Evans discovered that LittleCMS contained multiple integer overflows.
If a user or automated system were tricked into processing an image with
malicious ICC tags, a remote attacker could crash applications linked
against liblcms1, leading to a denial of service, or possibly execute
arbitrary code with user privileges. (CVE-2009-0723)

Chris Evans discovered that LittleCMS did not properly perform bounds
checking, leading to a buffer overflow. If a user or automated system were
tricked into processing an image with malicious ICC tags, a remote attacker
could execute arbitrary code with user privileges. (CVE-2009-0733)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchpython-liblcms<Β 1.16-10ubuntu0.2UNKNOWN
Ubuntu8.10noarchliblcms-utils<Β 1.16-10ubuntu0.2UNKNOWN
Ubuntu8.10noarchliblcms1<Β 1.16-10ubuntu0.2UNKNOWN
Ubuntu8.10noarchliblcms1-dev<Β 1.16-10ubuntu0.2UNKNOWN
Ubuntu8.04noarchpython-liblcms<Β 1.16-7ubuntu1.2UNKNOWN
Ubuntu8.04noarchliblcms-utils<Β 1.16-7ubuntu1.2UNKNOWN
Ubuntu8.04noarchliblcms1<Β 1.16-7ubuntu1.2UNKNOWN
Ubuntu8.04noarchliblcms1-dev<Β 1.16-7ubuntu1.2UNKNOWN
Ubuntu7.10noarchpython-liblcms<Β 1.16-5ubuntu3.2UNKNOWN
Ubuntu7.10noarchliblcms-utils<Β 1.16-5ubuntu3.2UNKNOWN
Rows per page:
1-10 of 151

Related

openvas 57
nessus 28
seebug 1
debian 3
oraclelinux 2
fedora 9
osv 2
slackware 1
redhat 2
securityvulns 3
gentoo 1
ubuntucve 3
veracode 3
prion 3
cve 3
centos 1
openvas
openvas
Debian Security Advisory DSA 1745-1 (lcms)
2009-03-31 00:00:00
Slackware Advisory SSA:2009-083-01 lcms
2012-09-11 00:00:00
Fedora Core 10 FEDORA-2009-2970 (lcms)
2009-03-31 00:00:00
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : lcms (SSA:2009-083-01)
2009-03-25 00:00:00
Fedora 10 : lcms-1.18-1.fc10 (2009-2903)
2009-04-23 00:00:00
SuSE9 Security Update : liblcms (YOU Patch Number 12361)
2009-09-24 00:00:00
seebug
seebug
Little CMSε†…ε­˜ζ³„ιœ²εŠζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution
2009-03-20 09:16:54
[SECURITY] [DSA 1745-2] New lcms packages fix regression
2009-03-25 11:32:18
[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution
2009-04-11 14:38:24
oraclelinux
oraclelinux
lcms security update
2009-03-19 00:00:00
java-1.6.0-openjdk security update
2009-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-11.b14.fc10
2009-03-24 05:31:44
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.23.b09.fc9
2009-03-25 16:13:51
[SECURITY] Fedora 10 Update: lcms-1.18-1.fc10
2009-03-23 15:53:15
osv
osv
lcms - arbitrary code execution
2009-03-20 00:00:00
openjdk-6 - arbitrary code execution
2009-04-11 00:00:00
slackware
slackware
lcms
2009-03-24 16:43:23
redhat
redhat
(RHSA-2009:0339) Moderate: lcms security update
2009-03-19 00:00:00
(RHSA-2009:0377) Important: java-1.6.0-openjdk security update
2009-04-07 00:00:00
securityvulns
securityvulns
lcms multiple security vulnerabilities
2009-05-25 00:00:00
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
2009-04-20 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-04-20 00:00:00
gentoo
gentoo
LittleCMS: Multiple vulnerabilities
2009-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2009-0733
2009-03-23 00:00:00
CVE-2009-0581
2009-03-23 00:00:00
CVE-2009-0723
2009-03-23 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:32
Denial Of Service (DoS)
2020-04-10 00:30:31
Arbitrary Code Execution
2020-04-10 00:30:32
prion
prion
Memory corruption
2009-03-23 14:19:00
Stack overflow
2009-03-23 14:19:00
Integer overflow
2009-03-23 14:19:00
cve
cve
CVE-2009-0581
2009-03-23 14:19:00
CVE-2009-0733
2009-03-23 14:19:00
CVE-2009-0723
2009-03-23 14:19:00
centos
centos
java security update
2009-04-08 11:56:07

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.1%

JSON
Related for USN-744-1
openvas57nessus28seebug1debian3oraclelinux2fedora9osv2slackware1redhat2securityvulns3gentoo1ubuntucve3veracode3prion3cve3centos1