PT-2009-1083 · Little Cms+1
Marc Schoenefeld · Published 2009-04-07 · Updated 2024-06-15 · CVE-2009-0793
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
LittleCMS (aka lcms or liblcms) version 1.18
lcms versions prior to 1.18-r1
Description
The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted image that triggers incorrect code execution for transformations of monochrome profiles. Multiple vulnerabilities in the lcms package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations
For LittleCMS version 1.18, update to a version newer than 1.18 to resolve the issue.
For lcms versions prior to 1.18-r1, update to version 1.18-r1 or newer to mitigate the risk.
As a temporary workaround, consider restricting the use of image transformations, especially those involving monochrome profiles, until a patch is available.
Fix
DoS
RCE
Memory Leak
Related identifiers
Affected products
Little Cms
Red Hat