Lucene search
Ubuntu.comUB:CVE-2009-0793HistoryApr 09, 2009 - 12:00 a.m.
CVE-2009-0793
2009-04-0900:00:00
ubuntu.com
ubuntu.com
9
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.053 Low
EPSS
Percentile
93.0%
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and
other products, allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted image that
triggers execution of incorrect code for “transformations of monochrome
profiles.”
Bugs
- <http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=492353>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530785>
Notes
| Author | Note |
|---|---|
| mdeslaur | as per upstream post to lcms-user: No code injection can be done using this bug. Using monochrome profiles is rare, and using them in the output direction is a corner case. This bug is only exploitable if the application uses monochrome output, and then the crafted profile should be in the output direction. Does not affect input profiles, so an attacker could NOT use this flaw by creating a specially-crafted image. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 8.04 | noarch | lcms | < 1.16-7ubuntu1.3 | UNKNOWN |
| ubuntu | 9.10 | noarch | lcms | < 1.18.dfsg-1ubuntu1.1 | UNKNOWN |
| ubuntu | 10.04 | noarch | lcms | < 1.18.dfsg-1ubuntu2.10.04.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | lcms | < 1.18.dfsg-1ubuntu2.10.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | openjdk-6 | < 6b18-1.8.2-4ubuntu1~8.04.1 | UNKNOWN |
Related
nessus
nessus
Fedora 9 : lcms-1.18-2.fc9 (2009-3914)
2009-05-11 00:00:00
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : lcms vulnerability (USN-1043-1)
2011-01-13 00:00:00
Fedora 10 : lcms-1.18-2.fc10 (2009-3967)
2009-05-11 00:00:00
prion
prion
Null pointer dereference
2009-04-09 15:08:00
cve
cve
CVE-2009-0793
2009-04-09 15:08:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:30:32
openvas
openvas
Ubuntu Update for lcms vulnerability USN-1043-1
2011-01-14 00:00:00
Ubuntu: Security Advisory (USN-1043-1)
2011-01-14 00:00:00
Fedora Core 10 FEDORA-2009-3426 (java-1.6.0-openjdk)
2009-04-15 00:00:00
ubuntu
ubuntu
Little CMS vulnerability
2011-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-15.b14.fc10
2009-04-07 23:23:37
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.25.b09.fc9
2009-04-07 23:23:21
[SECURITY] Fedora 9 Update: lcms-1.18-2.fc9
2009-05-09 03:57:49
securityvulns
securityvulns
lcms multiple security vulnerabilities
2009-05-25 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-04-20 00:00:00
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
2009-04-20 00:00:00
gentoo
gentoo
LittleCMS: Multiple vulnerabilities
2009-04-19 00:00:00
debian
debian
[SECURITY] [DSA 1769-1] New openjdk-6 packages fix arbitrary code execution
2009-04-11 14:38:44
osv
osv
openjdk-6 - arbitrary code execution
2009-04-11 00:00:00
redhat
redhat
(RHSA-2009:0377) Important: java-1.6.0-openjdk security update
2009-04-07 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2009-04-07 00:00:00
centos
centos
java security update
2009-04-08 11:56:07
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.053 Low
EPSS
Percentile
93.0%
Related for UB:CVE-2009-0793