4.3
CVE-2009-0581
- EPSS 2.5%
- Veröffentlicht 23.03.2009 14:19:12
- Zuletzt bearbeitet 16.06.2026 23:05:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.5% | 0.826 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://secunia.com/advisories/34418
http://scary.beasts.org/security/CESA-2009-003.html
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://secunia.com/advisories/34367
http://secunia.com/advisories/34382
http://secunia.com/advisories/34400
http://secunia.com/advisories/34408
http://secunia.com/advisories/34442
http://secunia.com/advisories/34450
http://secunia.com/advisories/34454
http://secunia.com/advisories/34463
http://secunia.com/advisories/34782
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
http://www.debian.org/security/2009/dsa-1745
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://www.ocert.org/advisories/ocert-2009-003.html
http://www.redhat.com/support/errata/RHSA-2009-0339.html
http://www.securityfocus.com/archive/1/502018/100/0/threaded
http://www.securityfocus.com/archive/1/502031/100/0/threaded
http://www.securityfocus.com/bid/34185
http://www.securitytracker.com/id?1021870
http://www.ubuntu.com/usn/USN-744-1
http://www.vupen.com/english/advisories/2009/0775
https://bugzilla.redhat.com/show_bug.cgi?id=487509
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html