CVE-2009-0733

Severity
9.3 CRITICAL (site rating on a CVSS v2 base score; NVD's own v2 severity band for 9.3 is HIGH)
EPSS
1.9%
top 16.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 23, 2009
Latest update May 2, 2022

Description

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
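The description names the bug class rather than the code: a channel count read from an untrusted ICC profile drives a loop that fills a fixed-size stack array of curve tables, with no check that the count fits the array. The C model below is an added example, not LittleCMS source. MAXCHANNELS, the curve_t layout, the helper names (read_curve, read_lut_a2b, build_profile, try_checked, try_unchecked) and the constructed 'mAB ' profile are assumptions chosen to illustrate the ReadSetOfCurves / ReadLUT_A2B pattern and the upper-bounds check that fixes it; the 'curv' and 'mAB ' byte layouts follow the ICC tag formats.

```c
/* Added example, not LittleCMS source: a model of the ReadSetOfCurves /
 * ReadLUT_A2B pattern behind CVE-2009-0733. MAXCHANNELS, curve_t and the
 * helper names are assumptions for this model, not lcms identifiers. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAXCHANNELS   16   /* assumed fixed cap on per-channel curve tables */
#define CURVE_REC_LEN 16   /* 'curv' with 2 samples: 12-byte header + 4 bytes */
#define MAX_PROFILE   (32 + 255 * CURVE_REC_LEN)

typedef struct {
    uint32_t count;           /* number of uInt16 samples */
    const uint8_t *samples;   /* points into the profile buffer */
} curve_t;

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* One ICC curveType: 'curv', 4 reserved, uInt32 count, count x uInt16.
 * Returns bytes consumed (4-byte padded) or 0 if the record does not fit. */
static size_t read_curve(const uint8_t *buf, size_t len, size_t off, curve_t *out)
{
    if (off > len || len - off < 12 || memcmp(buf + off, "curv", 4) != 0)
        return 0;
    uint32_t n = rd32(buf + off + 8);
    if (n > (len - off - 12) / 2)       /* sample table must lie inside buf */
        return 0;
    out->count = n;
    out->samples = buf + off + 12;
    return (12 + (size_t)n * 2 + 3) & ~(size_t)3;
}

/* VULNERABLE shape: nCurves is the 8-bit channel count from the profile
 * (0..255) but Curves[] is a fixed stack array. For nCurves > MAXCHANNELS
 * the loop writes past its end: the missing upper-bounds check. Kept only
 * to show the bug; never call it with an untrusted count. */
static int read_set_of_curves_unchecked(const uint8_t *buf, size_t len,
                                        size_t off, unsigned nCurves)
{
    curve_t Curves[MAXCHANNELS];
    for (unsigned i = 0; i < nCurves; i++) {     /* no i < MAXCHANNELS guard */
        size_t used = read_curve(buf, len, off, &Curves[i]);
        if (used == 0) return -1;
        off += used;
    }
    return (int)nCurves;
}

/* HARDENED: refuse counts the fixed table cannot hold before touching it. */
static int read_set_of_curves_checked(const uint8_t *buf, size_t len,
                                      size_t off, unsigned nCurves)
{
    curve_t Curves[MAXCHANNELS];
    if (nCurves == 0 || nCurves > MAXCHANNELS) return -1;
    for (unsigned i = 0; i < nCurves; i++) {
        size_t used = read_curve(buf, len, off, &Curves[i]);
        if (used == 0) return -1;
        off += used;
    }
    return (int)nCurves;
}

/* Minimal lutAtoBType ('mAB ') reader: byte 8 = input channels, bytes
 * 28..31 = offset of the A curves (one per input channel). */
static int read_lut_a2b(const uint8_t *buf, size_t len, int hardened)
{
    if (len < 32 || memcmp(buf, "mAB ", 4) != 0) return -1;
    unsigned in_ch = buf[8];
    uint32_t a_off = rd32(buf + 28);
    if (a_off > len) return -1;
    return hardened ? read_set_of_curves_checked(buf, len, a_off, in_ch)
                    : read_set_of_curves_unchecked(buf, len, a_off, in_ch);
}

/* Constructed profile: 'mAB ' header claiming in_ch input channels, then
 * in_ch two-sample 'curv' records, the shape a crafted file would carry. */
static size_t build_profile(uint8_t *dst, uint8_t in_ch)
{
    memset(dst, 0, MAX_PROFILE);
    memcpy(dst, "mAB ", 4);
    dst[8] = in_ch;                 /* attacker-controlled channel count */
    dst[9] = 3;                     /* output channels, unused here */
    wr32(dst + 28, 32);             /* A curves follow the header */
    size_t off = 32;
    for (unsigned i = 0; i < in_ch; i++, off += CURVE_REC_LEN) {
        memcpy(dst + off, "curv", 4);
        wr32(dst + off + 8, 2);     /* two samples: 0x0000, 0xFFFF */
        dst[off + 14] = 0xFF; dst[off + 15] = 0xFF;
    }
    return off;
}

int try_checked(uint8_t in_ch)      /* hardened path, any channel byte */
{
    uint8_t prof[MAX_PROFILE];
    size_t n = build_profile(prof, in_ch);
    return read_lut_a2b(prof, n, 1);
}

int try_unchecked(uint8_t in_ch)    /* vulnerable path; safe only if <= MAXCHANNELS */
{
    uint8_t prof[MAX_PROFILE];
    size_t n = build_profile(prof, in_ch);
    return read_lut_a2b(prof, n, 0);
}
```

try_checked(3) and try_unchecked(3) both return 3; try_checked(200) returns -1 before the array is touched. try_unchecked(200) is deliberately never called: with a 200-channel header and 200 curve records present, its loop would write 184 curve_t entries past the end of the 16-entry stack array, which is the overflow the advisories describe. The hardened path keeps the per-record length check in read_curve as well, so a truncated sample table cannot read past the profile buffer either.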

CVSS vector

AV:N/AC:M/Au:N/C:C/I:C/A:C (CVSS v2 base vector; Exploitability subscore 8.6, Impact subscore 10.0)

Affected Packages (4 packages)

NVD: gimp/gimp < 2.9.2

🔴Vulnerability Details (2)

GHSA
GHSA-mm82-c2wc-w6j7: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2 (2022-05-02)
CVEList
CVE-2009-0733: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2 (2009-03-23)

📋Vendor Advisories (2)

Ubuntu
LittleCMS vulnerabilities (2009-03-23)
Red Hat
LittleCms lack of upper-bounds check on sizes (2009-03-19)

💬Community (1)

Bugzilla
CVE-2009-0733 LittleCms lack of upper-bounds check on sizes (2009-02-26)
CVE-2009-0733 | cvebase.io