Denial of Service Vulnerability in LittleCMS Library by Argyros
CVE-2009-0793

Currently unrated

Key Information:

Vendor
Oracle
CVE Published:
9 April 2009

Summary

The LittleCMS library is susceptible to a denial of service through a null pointer dereference in the cmsxform.c file. An attacker can exploit this vulnerability with a crafted image that triggers faulty execution during monochrome profile transformations, crashing the application. The vulnerability affects products that incorporate the LittleCMS library, OpenJDK in particular, and poses a significant risk to systems that rely on image processing functionality.

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
