Vulnerability Report

CVE-2009-0733

RCE

Title: Mozilla Firefox RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2009-0733.

CWE Category CWE-787

Published Date Mar 23, 2009

Modified Date Apr 09, 2025

Exploit Status Not Found

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

1.87%

Vulnerability Summary

CVE-2009-0733: Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

Impacted Vendors

Reference Links

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454 http://secunia.com/advisories/34463 http://secunia.com/advisories/34632 http://secunia.com/advisories/34675 http://secunia.com/advisories/34782 http://security.gentoo.org/glsa/glsa-200904-19.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 http://www.debian.org/security/2009/dsa-1745 http://www.debian.org/security/2009/dsa-1769 http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 http://www.ocert.org/advisories/ocert-2009-003.html http://www.redhat.com/support/errata/RHSA-2009-0339.html http://www.securityfocus.com/archive/1/502018/100/0/threaded http://www.securityfocus.com/archive/1/502031/100/0/threaded http://www.securityfocus.com/bid/34185 http://www.securitytracker.com/id?1021869 http://www.ubuntu.com/usn/USN-744-1 http://www.vupen.com/english/advisories/2009/0775 https://bugzilla.redhat.com/show_bug.cgi?id=487512 https://exchange.xforce.ibmcloud.com/vulnerabilities/49330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742 https://rhn.redhat.com/errata/RHSA-2009-0377.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454 http://secunia.com/advisories/34463 http://secunia.com/advisories/34632 http://secunia.com/advisories/34675 http://secunia.com/advisories/34782 http://security.gentoo.org/glsa/glsa-200904-19.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 http://www.debian.org/security/2009/dsa-1745 http://www.debian.org/security/2009/dsa-1769 http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 http://www.ocert.org/advisories/ocert-2009-003.html http://www.redhat.com/support/errata/RHSA-2009-0339.html http://www.securityfocus.com/archive/1/502018/100/0/threaded http://www.securityfocus.com/archive/1/502031/100/0/threaded http://www.securityfocus.com/bid/34185 http://www.securitytracker.com/id?1021869 http://www.ubuntu.com/usn/USN-744-1 http://www.vupen.com/english/advisories/2009/0775 https://bugzilla.redhat.com/show_bug.cgi?id=487512 https://exchange.xforce.ibmcloud.com/vulnerabilities/49330 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742 https://rhn.redhat.com/errata/RHSA-2009-0377.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2009-0733 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

March 23, 2009 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.