National Cyber-Alert System

Vulnerability Summary for CVE-2009-0581

Overview

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2009-0775

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/0775

External Source: BID

Name: 34185

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/34185

External Source: FEDORA

Name: FEDORA-2009-3034

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html

External Source: FEDORA

Name: FEDORA-2009-2983

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html

External Source: FEDORA

Name: FEDORA-2009-2982

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html

External Source: FEDORA

Name: FEDORA-2009-2970

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html

External Source: FEDORA

Name: FEDORA-2009-2928

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html

External Source: FEDORA

Name: FEDORA-2009-2910

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html

External Source: FEDORA

Name: FEDORA-2009-2903

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html

External Source: REDHAT

Name: RHSA-2009:0377

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-0377.html

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=487509

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=487509

External Source: XF

Name: littlecms-unspecified-dos(49328)

Hyperlink:http://xforce.iss.net/xforce/xfdb/49328

External Source: UBUNTU

Name: USN-744-1

Hyperlink:http://www.ubuntu.com/usn/USN-744-1

External Source: SECTRACK

Name: 1021870

Hyperlink:http://www.securitytracker.com/id?1021870

External Source: BUGTRAQ

Name: 20090320 [oCERT-2009-003] LittleCMS integer errors

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/502031/100/0/threaded

External Source: BUGTRAQ

Name: 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/502018/100/0/threaded

External Source: REDHAT

Name: RHSA-2009:0339

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-0339.html

External Source: MISC

Name: http://www.ocert.org/advisories/ocert-2009-003.html

Hyperlink:http://www.ocert.org/advisories/ocert-2009-003.html

External Source: MANDRIVA

Name: MDVSA-2009:162

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:162

External Source: MANDRIVA

Name: MDVSA-2009:137

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:137

External Source: MANDRIVA

Name: MDVSA-2009:121

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:121

External Source: DEBIAN

Name: DSA-1769

Hyperlink:http://www.debian.org/security/2009/dsa-1769

External Source: DEBIAN

Name: DSA-1745

Hyperlink:http://www.debian.org/security/2009/dsa-1745

External Source: SLACKWARE

Name: SSA:2009-083-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438

External Source: GENTOO

Name: GLSA-200904-19

Hyperlink:http://security.gentoo.org/glsa/glsa-200904-19.xml

External Source: SECUNIA

Name: 34782

Hyperlink:http://secunia.com/advisories/34782

External Source: SECUNIA

Name: 34675

Hyperlink:http://secunia.com/advisories/34675

External Source: SECUNIA

Name: 34632

Hyperlink:http://secunia.com/advisories/34632

External Source: SECUNIA

Name: 34463

Hyperlink:http://secunia.com/advisories/34463

External Source: SECUNIA

Name: 34454

Hyperlink:http://secunia.com/advisories/34454

External Source: SECUNIA

Name: 34450

Hyperlink:http://secunia.com/advisories/34450

External Source: SECUNIA

Name: 34442

Hyperlink:http://secunia.com/advisories/34442

External Source: SECUNIA

Name: 34418

Hyperlink:http://secunia.com/advisories/34418

External Source: SECUNIA

Name: 34408

Hyperlink:http://secunia.com/advisories/34408

External Source: SECUNIA

Name: 34400

Type: Advisory

Hyperlink:http://secunia.com/advisories/34400

External Source: SECUNIA

Name: 34382

Type: Advisory

Hyperlink:http://secunia.com/advisories/34382

External Source: SECUNIA

Name: 34367

Type: Advisory

Hyperlink:http://secunia.com/advisories/34367

External Source: MISC

Name: http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html

Hyperlink:http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html

External Source: MISC

Name: http://scary.beasts.org/security/CESA-2009-003.html

Hyperlink:http://scary.beasts.org/security/CESA-2009-003.html

External Source: SUSE

Name: SUSE-SR:2009:007

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html