CVE-2009-0793
Summary
| CVE | CVE-2009-0793 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2009-04-09 15:08:00 UTC |
|---|
| Updated | 2023-02-13 01:17:00 UTC |
|---|
| Description | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability |
BID |
www.securityfocus.com |
|
| Support / Security / Advisories / / MDVSA-2009:121 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| Gentoo update for lcms - Secunia Advisories - Vulnerability Information - Secunia.com |
SECUNIA |
secunia.com |
|
| [SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.25.b09.fc9 |
FEDORA |
www.redhat.com |
|
| CVE-2009-0793 - Red Hat Customer Portal |
MISC |
access.redhat.com |
|
| Security Alerts - Secunia |
SECUNIA |
secunia.com |
|
| Fedora update for lcms - Secunia.com |
SECUNIA |
secunia.com |
|
| Ubuntu update for lcms - Advisories - Community |
SECUNIA |
secunia.com |
|
| [SECURITY] Fedora 9 Update: lcms-1.18-2.fc9 |
FEDORA |
www.redhat.com |
|
| Debian update for openjdk-6 - Secunia.com |
SECUNIA |
secunia.com |
|
| Repository / Oval Repository |
OVAL |
oval.cisecurity.org |
|
| [SECURITY] Fedora 10 Update: lcms-1.18-2.fc10 |
FEDORA |
www.redhat.com |
|
| USN-1043-1: Little CMS vulnerability | Ubuntu |
UBUNTU |
www.ubuntu.com |
|
| [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-15.b14.fc10 |
FEDORA |
www.redhat.com |
|
| Webmail - OVH |
VUPEN |
www.vupen.com |
Vendor Advisory |
| RETIRED: Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability |
BID |
www.securityfocus.com |
|
| Debian -- Security Information -- DSA-1769-1 openjdk-6 |
DEBIAN |
www.debian.org |
|
| Support / Security / Advisories / / MDVSA-2009:162 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| Webmail - OVH |
VUPEN |
www.vupen.com |
Vendor Advisory |
| Little cms Monochrome Profiles Denial of Service Vulnerability - Secunia.com |
SECUNIA |
secunia.com |
Vendor Advisory |
| Red Hat Customer Portal |
MISC |
access.redhat.com |
|
| Webmail - OVH |
VUPEN |
www.vupen.com |
|
| access.redhat.com |
REDHAT |
rhn.redhat.com |
|
| Support / Security / Advisories / / MDVSA-2009:137 | Mandriva |
MANDRIVA |
www.mandriva.com |
|
| 492353 – (CVE-2009-0793) CVE-2009-0793 lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles |
CONFIRM |
bugzilla.redhat.com |
|
| OpenJDK Little cms Monochrome Profiles Denial of Service - Secunia.com |
SECUNIA |
secunia.com |
Vendor Advisory |
| Gentoo Linux Documentation
--
LittleCMS: Multiple vulnerabilities |
GENTOO |
security.gentoo.org |
|
| Fedora update for java-1.6.0-openjdk - Secunia.com |
SECUNIA |
secunia.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2009-04-09 | Tomas Hoger | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0793 The Red Hat Security Response Team has rated this issue as having low security impact, a future lcms packages update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
There are currently no legacy QID mappings associated with this CVE.
