4.3

CVE-2009-0793

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LittlecmsLcms Version1.18
SunOpenjdk Version6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.83% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://secunia.com/advisories/34782
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://secunia.com/advisories/34623
http://secunia.com/advisories/34634
Vendor Advisory
http://secunia.com/advisories/34635
Vendor Advisory
http://secunia.com/advisories/35048
http://secunia.com/advisories/42870
http://www.securityfocus.com/bid/34411
http://www.securityfocus.com/bid/34420
http://www.ubuntu.com/usn/USN-1043-1
http://www.vupen.com/english/advisories/2009/0963
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0964
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0087
https://bugzilla.redhat.com/show_bug.cgi?id=492353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11340
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00233.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00285.html