CVE-2009-0733 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-0733 PUBLISHED CVSS 9.300000190734863 CRITICAL

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

EPSS 1.60% · 81.6th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

1.60%

81.6th percentile

Affected Products

Vendor	Product	Versions
sun	openjdk	0
littlecms	little_cms	0
gimp	gimp	0
n/a	n/a	n/a
mozilla	firefox	3.1

Timeline

Mar 23, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

http://secunia.com/advisories/34418 technical
FEDORA-2009-2970 vendor-advisory
littlecms-readsetofcurves-bo(49330) vdb
MDVSA-2009:137 vendor-advisory
34632 third-party-advisory
34450 third-party-advisory
1021869 vdb
FEDORA-2009-2928 vendor-advisory
SUSE-SR:2009:007 vendor-advisory
USN-744-1 vendor-advisory
DSA-1745 vendor-advisory
34675 third-party-advisory
34454 third-party-advisory
34442 third-party-advisory
FEDORA-2009-2982 vendor-advisory
FEDORA-2009-3034 vendor-advisory
FEDORA-2009-2903 vendor-advisory
http://scary.beasts.org/security/CESA-2009-003.html url
34382 third-party-advisory
SSA:2009-083-01 vendor-advisory

…and 22 more

Open in Interactive Console →