CVE-2009-0581

CVSS V2 Medium 4.3 CVSS V3 None
Description
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
Overview
  • CVE ID
  • CVE-2009-0581
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-03-23T14:19:12
  • Last Modified Date
  • 2023-02-13T02:19:39
Weakness Enumerations
CWE URL
CWE-401 http://cwe.mitre.org/data/definitions/401.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:littlecms:little_cms:*:*:*:*:*:*:*:* 1 OR 1.17
cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:* 1 OR 7
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:N/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/34185 Patch Third Party Advisory VDB Entry
http://www.redhat.com/support/errata/RHSA-2009-0339.html Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=487509 Issue Tracking
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html Exploit
http://scary.beasts.org/security/CESA-2009-003.html Exploit
http://secunia.com/advisories/34382 Broken Link
http://www.vupen.com/english/advisories/2009/0775 Patch Vendor Advisory
http://www.debian.org/security/2009/dsa-1745 Third Party Advisory
http://secunia.com/advisories/34367 Broken Link
http://www.ubuntu.com/usn/USN-744-1 Third Party Advisory
http://secunia.com/advisories/34400 Broken Link
http://www.ocert.org/advisories/ocert-2009-003.html Third Party Advisory
http://secunia.com/advisories/34418 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html Third Party Advisory
http://secunia.com/advisories/34442 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html Third Party Advisory
http://secunia.com/advisories/34408 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 Third Party Advisory
http://secunia.com/advisories/34450 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html Third Party Advisory
http://www.securitytracker.com/id?1021870 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html Third Party Advisory
http://secunia.com/advisories/34463 Broken Link
http://secunia.com/advisories/34454 Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-0377.html Third Party Advisory
http://www.debian.org/security/2009/dsa-1769 Third Party Advisory
http://secunia.com/advisories/34675 Broken Link
http://secunia.com/advisories/34632 Broken Link
http://security.gentoo.org/glsa/glsa-200904-19.xml Third Party Advisory
http://secunia.com/advisories/34782 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023 Tool Signature
http://www.securityfocus.com/archive/1/502031/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/502018/100/0/threaded Broken Link Third Party Advisory VDB Entry
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-0581
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
History
Created Old Value New Value Data Type Notes
2022-05-10 06:33:49 Added to TrackCVE
2023-02-02 21:02:17 2023-02-02T19:15:49 CVE Modified Date updated
2023-02-02 21:02:17 Analyzed Modified Vulnerability Status updated
2023-02-02 21:02:17 Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. CVE-2009-0581 LittleCms memory leak Description updated
2023-02-13 03:02:53 2023-02-13T02:19:39 CVE Modified Date updated
2023-02-13 03:02:53 CVE-2009-0581 LittleCms memory leak Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Description updated