CVE-2009-0793


Description

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

References

http://secunia.com/advisories/34623

http://secunia.com/advisories/34632

http://secunia.com/advisories/34634

http://secunia.com/advisories/34635

http://secunia.com/advisories/34675

http://secunia.com/advisories/34782

http://secunia.com/advisories/35048

http://secunia.com/advisories/42870

http://security.gentoo.org/glsa/glsa-200904-19.xml

http://www.debian.org/security/2009/dsa-1769

http://www.mandriva.com/security/advisories?name=MDVSA-2009:121

http://www.mandriva.com/security/advisories?name=MDVSA-2009:137

http://www.mandriva.com/security/advisories?name=MDVSA-2009:162

http://www.securityfocus.com/bid/34411

http://www.securityfocus.com/bid/34420

http://www.ubuntu.com/usn/USN-1043-1

http://www.vupen.com/english/advisories/2009/0963

http://www.vupen.com/english/advisories/2009/0964

http://www.vupen.com/english/advisories/2011/0087

https://bugzilla.redhat.com/show_bug.cgi?id=492353

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11340

https://rhn.redhat.com/errata/RHSA-2009-0377.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00233.html

https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00285.html

Details

Source: MITRE

Published: 2009-04-09

Updated: 2017-09-29

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins


ID | Name | Product | Family | Severity
67831 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377) | Nessus | Oracle Linux Local Security Checks | critical
51509 | Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : lcms vulnerability (USN-1043-1) | Nessus | Ubuntu Local Security Checks | medium
43736 | CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377) | Nessus | CentOS Local Security Checks | critical
40818 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252) | Nessus | SuSE Local Security Checks | critical
40816 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252) | Nessus | SuSE Local Security Checks | critical
39478 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137) | Nessus | Mandriva Local Security Checks | critical
38865 | Mandriva Linux Security Advisory : lcms (MDVSA-2009:121-1) | Nessus | Mandriva Local Security Checks | high
38727 | Fedora 10 : lcms-1.18-2.fc10 (2009-3967) | Nessus | Fedora Local Security Checks | medium
38726 | Fedora 9 : lcms-1.18-2.fc9 (2009-3914) | Nessus | Fedora Local Security Checks | medium
37517 | Fedora 10 : java-1.6.0-openjdk-1.6.0.0-15.b14.fc10 (2009-3426) | Nessus | Fedora Local Security Checks | medium
36198 | GLSA-200904-19 : LittleCMS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
36142 | Debian DSA-1769-1 : openjdk-6 - several vulnerabilities | Nessus | Debian Local Security Checks | critical
36111 | RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377) | Nessus | Red Hat Local Security Checks | critical
36110 | Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.25.b09.fc9 (2009-3425) | Nessus | Fedora Local Security Checks | medium