Home

CVE-2009-0723

Description

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Risk Information

Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.858

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2009-0581,CVE-2009-0723,CVE-2009-0733 are affected in Mozilla Firefox 3.1Windows
Vulnerabilities CVE-2009-0581,CVE-2009-0723,CVE-2009-0733 are affected in GIMP 2.10.4Windows
(RHSA-2009:0339) Moderate: lcms security update lcms-1.18-0.1.beta1.el5_3.2.i386.rpmLinux
(RHSA-2009:0339) Moderate: lcms security update lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpmLinux
(RHSA-2009:0339) Moderate: lcms security update lcms-devel-1.18-0.1.beta1.el5_3.2.i386.rpmLinux
(RHSA-2009:0339) Moderate: lcms security update lcms-devel-1.18-0.1.beta1.el5_3.2.x86_64.rpmLinux
(RHSA-2009:0339) Moderate: lcms security update python-lcms-1.18-0.1.beta1.el5_3.2.i386.rpmLinux
(RHSA-2009:0339) Moderate: lcms security update python-lcms-1.18-0.1.beta1.el5_3.2.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-338143GIMP (2.10.38)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234