CVE-2009-0723

Name of the Vulnerable Software and Affected Versions liblcms1 versions prior to 1.18 liblcms1-dev versions prior to 1.18 lcms versions prior to 1.18 lcms-devel versions prior to 1.18 lcms-utils versions prior to 1.18

Description The issue involves multiple integer overflows in LittleCMS, which can be exploited by context-dependent attackers to execute arbitrary code via a crafted image file, leading to a heap-based buffer overflow. This can result in the disruption of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely.

Recommendations For liblcms1 versions prior to 1.18, update to version 1.18 or later. For liblcms1-dev versions prior to 1.18, update to version 1.18 or later. For lcms versions prior to 1.18, update to version 1.18 or later. For lcms-devel versions prior to 1.18, update to version 1.18 or later. For lcms-utils versions prior to 1.18, update to version 1.18 or later. As a temporary workaround, consider avoiding the use of crafted image files that could trigger a heap-based buffer overflow until a patch is available.