CVE-2009-0581 - Vulnerability Details

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gimp	Gimp
Littlecms	Little Cms
Mozilla	Firefox
Oracle	Openjdk
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:littlecms:little_cms:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:gimp:gimp::::::::
	cpe:2.3:a:mozilla:firefox:3.1:beta1::::::
	cpe:2.3:a:oracle:openjdk::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
lcms-0:1.18-0.1.beta1.el5_3.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0339	2009-03-19T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0377	2009-04-07T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://scary.beasts.org/security/CESA-2009-003.html
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://secunia.com/advisories/34367
http://secunia.com/advisories/34382
http://secunia.com/advisories/34400
http://secunia.com/advisories/34408
http://secunia.com/advisories/34418
http://secunia.com/advisories/34442
http://secunia.com/advisories/34450
http://secunia.com/advisories/34454
http://secunia.com/advisories/34463
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://secunia.com/advisories/34782
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
http://www.debian.org/security/2009/dsa-1745
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
http://www.ocert.org/advisories/ocert-2009-003.html
http://www.redhat.com/support/errata/RHSA-2009-0339.html
http://www.securityfocus.com/archive/1/502018/100/0/threaded
http://www.securityfocus.com/archive/1/502031/100/0/threaded
http://www.securityfocus.com/bid/34185
http://www.securitytracker.com/id?1021870
http://www.ubuntu.com/usn/USN-744-1
http://www.vupen.com/english/advisories/2009/0775
https://bugzilla.redhat.com/show_bug.cgi?id=487509
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328
https://nvd.nist.gov/vuln/detail/CVE-2009-0581
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023
https://rhn.redhat.com/errata/RHSA-2009-0377.html
https://www.cve.org/CVERecord?id=CVE-2009-0581
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html

History

Fri, 21 Mar 2025 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Oracle Oracle openjdk
CPEs	cpe:2.3:a:sun:openjdk::::::::	cpe:2.3:a:oracle:openjdk::::::::
Vendors & Products	Sun Sun openjdk	Oracle Oracle openjdk

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-03-23T14:00:00

Updated: 2024-08-07T04:40:04.074Z

Reserved: 2009-02-13T00:00:00

Link: CVE-2009-0581

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-03-23T14:19:12.467

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0581

Redhat

Severity : Low

Publid Date: 2009-03-19T00:00:00Z

Links: CVE-2009-0581 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2009-2970", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"}, {"name": "MDVSA-2009:137", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"}, {"name": "34632", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34632"}, {"name": "34450", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34450"}, {"name": "FEDORA-2009-2928", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"}, {"name": "SUSE-SR:2009:007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"name": "USN-744-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-744-1"}, {"name": "DSA-1745", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1745"}, {"name": "34675", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34675"}, {"name": "littlecms-unspecified-dos(49328)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"}, {"name": "34454", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34454"}, {"name": "1021870", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021870"}, {"name": "34442", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34442"}, {"name": "FEDORA-2009-2982", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"}, {"name": "FEDORA-2009-3034", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"}, {"name": "FEDORA-2009-2903", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"}, {"tags": ["x_refsource_MISC"], "url": "http://scary.beasts.org/security/CESA-2009-003.html"}, {"name": "34382", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34382"}, {"name": "SSA:2009-083-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"}, {"name": "34418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34418"}, {"name": "20090320 [oCERT-2009-003] LittleCMS integer errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"}, {"name": "RHSA-2009:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2009-003.html"}, {"tags": ["x_refsource_MISC"], "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"}, {"name": "34782", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34782"}, {"name": "34367", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34367"}, {"name": "MDVSA-2009:162", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"}, {"name": "RHSA-2009:0339", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"}, {"name": "ADV-2009-0775", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0775"}, {"name": "34463", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34463"}, {"name": "34408", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34408"}, {"name": "DSA-1769", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1769"}, {"name": "34400", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34400"}, {"name": "MDVSA-2009:121", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"}, {"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"}, {"name": "FEDORA-2009-2910", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"}, {"name": "oval:org.mitre.oval:def:10023", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"}, {"name": "34185", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34185"}, {"name": "GLSA-200904-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"}, {"name": "FEDORA-2009-2983", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:04.074Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2009-2970", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"}, {"name": "MDVSA-2009:137", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"}, {"name": "34632", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34632"}, {"name": "34450", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34450"}, {"name": "FEDORA-2009-2928", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"}, {"name": "SUSE-SR:2009:007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"name": "USN-744-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-744-1"}, {"name": "DSA-1745", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1745"}, {"name": "34675", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34675"}, {"name": "littlecms-unspecified-dos(49328)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"}, {"name": "34454", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34454"}, {"name": "1021870", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021870"}, {"name": "34442", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34442"}, {"name": "FEDORA-2009-2982", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"}, {"name": "FEDORA-2009-3034", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"}, {"name": "FEDORA-2009-2903", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://scary.beasts.org/security/CESA-2009-003.html"}, {"name": "34382", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34382"}, {"name": "SSA:2009-083-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"}, {"name": "34418", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34418"}, {"name": "20090320 [oCERT-2009-003] LittleCMS integer errors", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"}, {"name": "RHSA-2009:0377", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2009-003.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"}, {"name": "34782", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34782"}, {"name": "34367", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34367"}, {"name": "MDVSA-2009:162", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"}, {"name": "RHSA-2009:0339", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"}, {"name": "ADV-2009-0775", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0775"}, {"name": "34463", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34463"}, {"name": "34408", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34408"}, {"name": "DSA-1769", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1769"}, {"name": "34400", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34400"}, {"name": "MDVSA-2009:121", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"}, {"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"}, {"name": "FEDORA-2009-2910", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"}, {"name": "oval:org.mitre.oval:def:10023", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"}, {"name": "34185", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34185"}, {"name": "GLSA-200904-19", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"}, {"name": "FEDORA-2009-2983", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0581", "datePublished": "2009-03-23T14:00:00", "dateReserved": "2009-02-13T00:00:00", "dateUpdated": "2024-08-07T04:40:04.074Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:littlecms:little_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DAF1951-51CA-4FCC-94EE-3713860D6598", "versionEndIncluding": "1.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "matchCriteriaId": "28CB30F0-E3AF-490A-B05B-0947A2BF717B", "versionEndExcluding": "2.9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "0F72BFD4-000D-4B07-8261-C9F6839AD150", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FEAB217-572E-4BBB-8C01-C2517DCD99F9", "versionEndIncluding": "7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file."}, {"lang": "es", "value": "Fuga de memoria en versiones de LittleCMS (alias LCMS o liblcms) anteriores a la 1.18beta2, tal como se utiliza en Firefox 3.1beta, OpenJDK, y el GIMP, permite causar, a atacantes dependientes de contexto, una denegaci\u00f3n de servicio (mediante consumo de memoria y caida de la aplicaci\u00f3n) a trav\u00e9s de un archivo de imagen debidamente modificado."}], "id": "CVE-2009-0581", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-23T14:19:12.467", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://scary.beasts.org/security/CESA-2009-003.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34367"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34382"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34400"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34408"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34418"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34442"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34450"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34454"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34463"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34632"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34675"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34782"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1745"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1769"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ocert.org/advisories/ocert-2009-003.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34185"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021870"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-744-1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0775"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://scary.beasts.org/security/CESA-2009-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34632"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34782"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2009/dsa-1769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ocert.org/advisories/ocert-2009-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/34185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1021870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-744-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Chris Evans (Google Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2009:0339", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "lcms-0:1.18-0.1.beta1.el5_3.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-03-19T00:00:00Z"}, {"advisory": "RHSA-2009:0377", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-04-07T00:00:00Z"}], "bugzilla": {"description": "LittleCms memory leak", "id": "487509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487509"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-401", "details": ["Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file."], "name": "CVE-2009-0581", "public_date": "2009-03-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0581\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0581"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object