LittleCMS Integer Overflows and Input Validation Flaws Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1021869 |
|
SecurityTracker URL: http://securitytracker.com/id/1021869
|
|
CVE Reference:
CVE-2009-0723, CVE-2009-0733
|
Date: Mar 20 2009
|
Impact:
Denial of service via network, Execution of arbitrary code via network, User access via network
|
|
Version(s): 1.17
|
Description:
A vulnerability was reported in LittleCMS. A remote user can cause arbitrary code to be executed on the target system.
A remote user can create a specially crafted image file that, when processed by the target application, will trigger an integer overflow or input validation flaw and crash the target application or execute arbitrary code on the target system.
Chris Evans reported this vulnerability.
|
Impact:
A remote user can create a file that, when processed by the target application, will crash the target application or execute arbitrary code on the target system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: littlecms.com/
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 19 Mar 2009 22:50:57 -0500
Subject: LittleCMS
|
CVE-2009-0723
CVE-2009-0733
|
|