Vulnerability Description
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Littlecms | Little Cms | <= 1.17 |
| Gimp | Gimp | < 2.9.2 |
| Mozilla | Firefox | 3.1 |
| Oracle | Openjdk | <= 7 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlThird Party Advisory
- http://scary.beasts.org/security/CESA-2009-003.htmlExploit
- http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.htmlExploit
- http://secunia.com/advisories/34367Broken Link
- http://secunia.com/advisories/34382Broken Link
- http://secunia.com/advisories/34400Broken Link
- http://secunia.com/advisories/34408Broken Link
- http://secunia.com/advisories/34418Broken Link
- http://secunia.com/advisories/34442Broken Link
- http://secunia.com/advisories/34450Broken Link
- http://secunia.com/advisories/34454Broken Link
- http://secunia.com/advisories/34463Broken Link
- http://secunia.com/advisories/34632Broken Link
- http://secunia.com/advisories/34675Broken Link
- http://secunia.com/advisories/34782Broken Link
FAQ
What is CVE-2009-0581?
CVE-2009-0581 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and ...
How severe is CVE-2009-0581?
CVE-2009-0581 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0581?
Check the references section above for vendor advisories and patch information. Affected products include: Littlecms Little Cms, Gimp Gimp, Mozilla Firefox, Oracle Openjdk.