Integer Overflow Vulnerability in LittleCMS Affecting Firefox and GIMP
CVE-2009-0723

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Gimp; Openjdk
Vendor: CVE Published:; 23 March 2009

What is CVE-2009-0723?

An integer overflow vulnerability exists in LittleCMS, which can be exploited via specially crafted image files. When these files are processed, it may lead to a heap-based buffer overflow, potentially allowing an attacker to execute arbitrary code in the context of the affected application. This vulnerability is particularly concerning for users of applications like Firefox and GIMP that rely on LittleCMS.

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://secunia.com/advisories/34632

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2009
Vulnerability Reserved
Feb 24, 2009

Mozilla

What is CVE-2009-0723?

References

Timeline