CVE-2009-0733 — Vulnetix

CVE-2009-0733 PUBLISHED CVSS 9.300000190734863 CRITICAL

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

EPSS 1.87% · 83.4th percentile

Risk Scores

CVSS 2.0

9.300000190734863

EPSS Score

1.87%

83.4th percentile

Affected Products

Vendor	Product	Versions
sun	openjdk	0
littlecms	little_cms	0
gimp	gimp	0
n/a	n/a	n/a
mozilla	firefox	3.1

Exploit Intelligence

34418 (circl)
20090320 [oCERT-2009-003] LittleCMS integer errors (circl)
FEDORA-2009-2970 (circl)
littlecms-readsetofcurves-bo(49330) (circl)
MDVSA-2009:137 (circl)
34632 (circl)
34450 (circl)
1021869 (circl)
FEDORA-2009-2928 (circl)
SUSE-SR:2009:007 (circl)

…and 31 more exploits

Timeline

Mar 23, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 17, 2023 EPSS Score

References

http://secunia.com/advisories/34418 technical
FEDORA-2009-2970 vendor-advisory
littlecms-readsetofcurves-bo(49330) vdb
MDVSA-2009:137 vendor-advisory
34632 third-party-advisory
34450 third-party-advisory
1021869 vdb
FEDORA-2009-2928 vendor-advisory
SUSE-SR:2009:007 vendor-advisory
USN-744-1 vendor-advisory
DSA-1745 vendor-advisory
34675 third-party-advisory
34454 third-party-advisory
34442 third-party-advisory
FEDORA-2009-2982 vendor-advisory
FEDORA-2009-3034 vendor-advisory
FEDORA-2009-2903 vendor-advisory
http://scary.beasts.org/security/CESA-2009-003.html url
34382 third-party-advisory
SSA:2009-083-01 vendor-advisory

…and 22 more

Open in Interactive Console →