CVE-2009-0723

Published: 23 March 2009

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Priority

Medium

Status

Package Release Status
lcms
Launchpad, Ubuntu, Debian
Upstream
Released (1.18beta2)