CVE-2009-0733

Name of the Vulnerable Software and Affected Versions lcms versions prior to 1.18beta2 liblcms1-dev versions prior to 1.18 liblcms1 versions prior to 1.18 liblcms-utils versions prior to 1.18 lcms-devel-1.18 versions prior to 1.18

Description The issue involves multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS, which can be exploited to execute arbitrary code via a crafted image file associated with a large integer value for the input or output channel. This is related to the ReadLUT A2B and ReadLUT B2A functions. The exploitation can lead to a violation of confidentiality, integrity, and availability of protected information and can be performed remotely.

Recommendations For lcms versions prior to 1.18beta2, update to version 1.18beta2 or later. For liblcms1-dev versions prior to 1.18, update to version 1.18 or later. For liblcms1 versions prior to 1.18, update to version 1.18 or later. For liblcms-utils versions prior to 1.18, update to version 1.18 or later. For lcms-devel-1.18 versions prior to 1.18, update to version 1.18 or later.