CVE-2009-0733 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0733 Interim 1 13 2023-12-09T02:05:40Z current 2021-05-30T12:46:02Z 2023-12-09T02:05:40Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0733 Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5/#NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5 E-Mail link for SUSE-SR:2009:007 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SUSE Linux Enterprise Software Development Kit 11 SP4 lcms-1.17-77.12.1 lcms-1.17-77.14.19 lcms-1.17-77.16.1 liblcms-devel-1.17-77.16.1 liblcms-devel-32bit-1.17-77.16.1 liblcms1-1.17-77.12.1 liblcms1-1.17-77.14.19 liblcms1-1.17-77.16.1 liblcms1-32bit-1.17-77.12.1 liblcms1-32bit-1.17-77.14.19 liblcms1-32bit-1.17-77.16.1 liblcms1-x86-1.17-77.12.1 liblcms1-x86-1.17-77.14.19 liblcms1-x86-1.17-77.16.1 python-lcms-1.17-77.16.1 lcms-1.17-77.12.1 as a component of SUSE Linux Enterprise Server 11 liblcms1-1.17-77.12.1 as a component of SUSE Linux Enterprise Server 11 liblcms1-32bit-1.17-77.12.1 as a component of SUSE Linux Enterprise Server 11 liblcms1-x86-1.17-77.12.1 as a component of SUSE Linux Enterprise Server 11 lcms-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP1 liblcms1-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP1 liblcms1-32bit-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP1 liblcms1-x86-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP1 lcms-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP2 liblcms1-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP2 liblcms1-32bit-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP2 liblcms1-x86-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP2 lcms-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP3 liblcms1-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP3 liblcms1-32bit-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP3 liblcms1-x86-1.17-77.14.19 as a component of SUSE Linux Enterprise Server 11 SP3 lcms-1.17-77.16.1 as a component of SUSE Linux Enterprise Server 11 SP4 liblcms1-1.17-77.16.1 as a component of SUSE Linux Enterprise Server 11 SP4 liblcms1-32bit-1.17-77.16.1 as a component of SUSE Linux Enterprise Server 11 SP4 liblcms1-x86-1.17-77.16.1 as a component of SUSE Linux Enterprise Server 11 SP4 lcms-1.17-77.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 liblcms1-1.17-77.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 liblcms1-32bit-1.17-77.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 liblcms1-x86-1.17-77.12.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 liblcms-devel-1.17-77.16.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 liblcms-devel-32bit-1.17-77.16.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 python-lcms-1.17-77.16.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. CVE-2009-0733 SUSE Linux Enterprise Server 11:lcms-1.17-77.12.1 SUSE Linux Enterprise Server 11:liblcms1-1.17-77.12.1 SUSE Linux Enterprise Server 11:liblcms1-32bit-1.17-77.12.1 SUSE Linux Enterprise Server 11:liblcms1-x86-1.17-77.12.1 SUSE Linux Enterprise Server 11 SP1:lcms-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP1:liblcms1-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP1:liblcms1-32bit-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP1:liblcms1-x86-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP2:lcms-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP2:liblcms1-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP2:liblcms1-32bit-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP2:liblcms1-x86-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP3:lcms-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP3:liblcms1-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP3:liblcms1-32bit-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP3:liblcms1-x86-1.17-77.14.19 SUSE Linux Enterprise Server 11 SP4:lcms-1.17-77.16.1 SUSE Linux Enterprise Server 11 SP4:liblcms1-1.17-77.16.1 SUSE Linux Enterprise Server 11 SP4:liblcms1-32bit-1.17-77.16.1 SUSE Linux Enterprise Server 11 SP4:liblcms1-x86-1.17-77.16.1 SUSE Linux Enterprise Server for SAP Applications 11:lcms-1.17-77.12.1 SUSE Linux Enterprise Server for SAP Applications 11:liblcms1-1.17-77.12.1 SUSE Linux Enterprise Server for SAP Applications 11:liblcms1-32bit-1.17-77.12.1 SUSE Linux Enterprise Server for SAP Applications 11:liblcms1-x86-1.17-77.12.1 SUSE Linux Enterprise Software Development Kit 11 SP4:liblcms-devel-1.17-77.16.1 SUSE Linux Enterprise Software Development Kit 11 SP4:liblcms-devel-32bit-1.17-77.16.1 SUSE Linux Enterprise Software Development Kit 11 SP4:python-lcms-1.17-77.16.1 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C