4.3
CVE-2009-0793
- EPSS 4.83%
- Veröffentlicht 09.04.2009 15:08:35
- Zuletzt bearbeitet 16.06.2026 23:05:49
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.83% | 0.909 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
https://rhn.redhat.com/errata/RHSA-2009-0377.html
http://secunia.com/advisories/34782
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://secunia.com/advisories/34623
http://secunia.com/advisories/34634
http://secunia.com/advisories/34635
http://secunia.com/advisories/35048
http://secunia.com/advisories/42870
http://www.securityfocus.com/bid/34411
http://www.securityfocus.com/bid/34420
http://www.ubuntu.com/usn/USN-1043-1
http://www.vupen.com/english/advisories/2009/0963
http://www.vupen.com/english/advisories/2009/0964
http://www.vupen.com/english/advisories/2011/0087
https://bugzilla.redhat.com/show_bug.cgi?id=492353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11340
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00233.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00285.html