CVE-2009-0793

Currently unrated

Key Information:

Vendor: Oracle
Status: Openjdk; Lcms
Vendor: CVE Published:; 9 April 2009

Summary

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://secunia.com/advisories/34635

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/34632

third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 9, 2009
Vulnerability Reserved
Mar 4, 2009