Launchpad.net

CVE 2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Related bugs and status

CVE-2009-0733 (Candidate) is related to these bugs:

Bug #823185: [MIR] colord

Summary				In	Importance	Status
	823185	[MIR] colord		colord (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://scary.beasts.or...
MISC: http://scarybeastsecur...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2009:0339
BID: 34185
MISC: http://www.ocert.org/a...
DEBIAN: DSA-1745
UBUNTU: USN-744-1
SECUNIA: 34367
SECUNIA: 34382
SECUNIA: 34400
VUPEN: ADV-2009-0775
SUSE: SUSE-SR:2009:007
SECUNIA: 34418
FEDORA: FEDORA-2009-2903
FEDORA: FEDORA-2009-2910
FEDORA: FEDORA-2009-2928
FEDORA: FEDORA-2009-2970
FEDORA: FEDORA-2009-2982
FEDORA: FEDORA-2009-2983
FEDORA: FEDORA-2009-3034
SECTRACK: 1021869
SECUNIA: 34442
SECUNIA: 34450
SECUNIA: 34454
SECUNIA: 34463
SECUNIA: 34408
REDHAT: RHSA-2009:0377
DEBIAN: DSA-1769
SECUNIA: 34675
SECUNIA: 34632
GENTOO: GLSA-200904-19
SECUNIA: 34782
MANDRIVA: MDVSA-2009:121
MANDRIVA: MDVSA-2009:137
MANDRIVA: MDVSA-2009:162
SLACKWARE: SSA:2009-083-01
XF: littlecms-readsetofcur...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090320 [oCERT-2009-0...
BUGTRAQ: 20090320 LittleCMS vul...