First published: Thu Feb 26 2009(Updated: )
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/lcms | <0:1.18-0.1.beta1.el5_3.2 | 0:1.18-0.1.beta1.el5_3.2 |
redhat/java | <1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5 | 1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5 |
Mozilla Firefox | =3.1-beta1 | |
GIMP GIMP | ||
Sun Openjdk | <=7 | |
Littlecms Little Cms | <=1.17 | |
GIMP GIMP | <2.9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.