CVE-2009-0723 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2009-0723?

CVE-2009-0723 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-0723?

Check the references section above for vendor advisories and patch information. Affected products include: Gimp Gimp, Mozilla Firefox, Sun Openjdk, Littlecms Little Cms.

Vulnerability Description

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Gimp	Gimp	< 2.9.2
Mozilla	Firefox	3.1
Sun	Openjdk	<= 7
Littlecms	Little Cms	<= 1.17

Related Weaknesses (CWE)

CWE-190

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.htmlThird Party Advisory
http://scary.beasts.org/security/CESA-2009-003.htmlExploit
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.htmlExploit
http://secunia.com/advisories/34367Broken Link
http://secunia.com/advisories/34382Broken Link
http://secunia.com/advisories/34400Broken Link
http://secunia.com/advisories/34408Broken Link
http://secunia.com/advisories/34418Broken Link
http://secunia.com/advisories/34442Broken Link
http://secunia.com/advisories/34450Broken Link
http://secunia.com/advisories/34454Broken Link
http://secunia.com/advisories/34463Broken Link
http://secunia.com/advisories/34632Broken Link
http://secunia.com/advisories/34675Broken Link
http://secunia.com/advisories/34782Broken Link

FAQ

What is CVE-2009-0723?

CVE-2009-0723 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted...

How severe is CVE-2009-0723?

CVE-2009-0723 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0723?

Check the references section above for vendor advisories and patch information. Affected products include: Gimp Gimp, Mozilla Firefox, Sun Openjdk, Littlecms Little Cms.