Vulnerability Report

CVE-2009-0581

Title: Mozilla Firefox Denial of Service (DoS)

Proof Of Concept

No public PoC currently indexed for CVE-2009-0581.

CWE Category: CWE-401
Published Date: Mar 23, 2009
Modified Date: Apr 09, 2025
Exploit Status: Not Found
Score: 4.3 CVSS v2.0
Exploit Probability (EPSS): 1.89%

Vulnerability Summary

CVE-2009-0581: Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Reference Links

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
http://scary.beasts.org/security/CESA-2009-003.html
http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html
http://secunia.com/advisories/34367
http://secunia.com/advisories/34382
http://secunia.com/advisories/34400
http://secunia.com/advisories/34408
http://secunia.com/advisories/34418
http://secunia.com/advisories/34442
http://secunia.com/advisories/34450
http://secunia.com/advisories/34454
http://secunia.com/advisories/34463
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://secunia.com/advisories/34782
http://security.gentoo.org/glsa/glsa-200904-19.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438
http://www.debian.org/security/2009/dsa-1745
http://www.debian.org/security/2009/dsa-1769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:121
http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
http://www.ocert.org/advisories/ocert-2009-003.html
http://www.redhat.com/support/errata/RHSA-2009-0339.html
http://www.securityfocus.com/archive/1/502018/100/0/threaded
http://www.securityfocus.com/archive/1/502031/100/0/threaded
http://www.securityfocus.com/bid/34185
http://www.securitytracker.com/id?1021870
http://www.ubuntu.com/usn/USN-744-1
http://www.vupen.com/english/advisories/2009/0775
https://bugzilla.redhat.com/show_bug.cgi?id=487509
https://exchange.xforce.ibmcloud.com/vulnerabilities/49328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10023
https://rhn.redhat.com/errata/RHSA-2009-0377.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html

CVSS v2.0

Source Entity: [email protected]
Severity: MEDIUM (4.3)
Access Vector: N/A
Authentication: N/A
Raw Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector: N/A
Complexity: N/A
Privileges: N/A
Interaction: NONE
CVSS Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected Stack

No specific products linked.