New Search

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2 as used in Firefox 3.1beta OpenJDK and GIMP allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel related to the ReadLUT_A2B and ReadLUT_B2A functions.

oval:org.mitre.oval:def:9742

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2 as used in Firefox 3.1beta OpenJDK and GIMP allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel related to the ReadLUT_A2B and ReadLUT_B2A functions.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 5
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2009-0733
Product(s):