CVE-2009-0793

CWE-20Improper Input ValidationCWE-476NULL Pointer Dereference6 documents6 sources
Severity
4.3MEDIUM
EPSS
10.6%
top 6.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Littlecms LcmsSUN Openjdk
Timeline
PublishedApr 9
Latest updateMay 2

Description

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDlittlecms/lcms1.18

🔴Vulnerability Details

2
GHSA
GHSA-mqm3-p699-wmxx: cmsxform2022-05-02
CVEList
CVE-2009-0793: cmsxform2009-04-09

📋Vendor Advisories

2
Ubuntu
Little CMS vulnerability2011-01-12
Red Hat
lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles2009-04-02

💬Community

1
Bugzilla
CVE-2009-0793 lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles2009-03-26
CVE-2009-0793 (MEDIUM CVSS 4.3) | cmsxform.c in LittleCMS (aka lcms o | cvebase.io