CVE-2009-0733

LittleCMS <1.18beta2 - RCE

Description

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Scores

EPSS 0.0160
EPSS Percentile 81.5%

Classification

CWE
CWE-787
Status draft

Affected Products (4)

gimp/gimp < 2.9.2
mozilla/firefox
sun/openjdk < 7
littlecms/little_cms < 1.17

Timeline

Published Mar 23, 2009
Tracked Since Feb 18, 2026