CVE-2009-0733

Publication date 23 March 2009

Last updated 24 July 2024

Ubuntu priority

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
lcms	8.10 intrepid	Fixed 1.16-10ubuntu0.2
	8.04 LTS hardy	Fixed 1.16-7ubuntu1.2
	7.10 gutsy	Fixed 1.16-5ubuntu3.2
	6.06 LTS dapper	Fixed 1.13-1ubuntu0.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-744-1
LittleCMS vulnerabilities
23 March 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0733