Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-0733
Status: UNKNOWN
Description: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
Severity: High
CVSS score: 9.3
CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase: ASSIGNED (07.03.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0733
References:
 BID : 34185
 BUGTRAQ : 20090320 [oCERT-2009-003] LittleCMS integer errors
 BUGTRAQ : 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=487512
 DEBIAN : DSA-1745
 DEBIAN : DSA-1769
 FEDORA : FEDORA-2009-2903
 FEDORA : FEDORA-2009-2910
 FEDORA : FEDORA-2009-2928
 FEDORA : FEDORA-2009-2970
 FEDORA : FEDORA-2009-2982
 FEDORA : FEDORA-2009-2983
 FEDORA : FEDORA-2009-3034
 GENTOO : GLSA-200904-19
 MANDRIVA : MDVSA-2009:121
 MANDRIVA : MDVSA-2009:137
 MANDRIVA : MDVSA-2009:162
 MISC : http://scary.beasts.org/security/CESA-2009-003.html
 MISC : http://scarybeastsecurity.blogspot.com/2009/03/lit...
 MISC : http://www.ocert.org/advisories/ocert-2009-003.html
 OVAL : oval:org.mitre.oval:def:9742
 REDHAT : RHSA-2009:0339
 REDHAT : RHSA-2009:0377
 SECTRACK : 1021869
 SECUNIA : 34367
 SECUNIA : 34382
 SECUNIA : 34400
 SECUNIA : 34408
 SECUNIA : 34418
 SECUNIA : 34442
 SECUNIA : 34450
 SECUNIA : 34454
 SECUNIA : 34463
 SECUNIA : 34632
 SECUNIA : 34675
 SECUNIA : 34782
 SLACKWARE : SSA:2009-083-01
 SUSE : SUSE-SR:2009:007
 UBUNTU : USN-744-1
 VUPEN : ADV-2009-0775
 XF : littlecms-readsetofcurves-bo(49330)
 XF : littlecms-unspecified-code-execution(49330)
SecurityVulns:
 Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
 lcms multiple security vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


