Upstream information

CVE-2009-0793 at MITRE

Description

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
    Base Score: 4.3
    Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
    Access Vector: Network
    Access Complexity: Medium
    Authentication: None
    Confidentiality Impact: None
    Integrity Impact: None
    Availability Impact: Partial
SUSE Bugzilla entries: 490610 [RESOLVED / FIXED], 521512 [RESOLVED / FIXED], 521513 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • lcms >= 1.19-17.31
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Desktop 12 GA lcms
SUSE Linux Enterprise Desktop 12 SP1
  • lcms >= 1.19-17.31
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA lcms
SUSE Linux Enterprise Desktop 12 SP2
  • lcms >= 1.19-17.31
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA lcms
SUSE Linux Enterprise Desktop 12 SP3
  • lcms >= 1.19-17.31
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA lcms
SUSE Linux Enterprise Desktop 12 SP4
  • lcms >= 1.19-17.31
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA lcms
SUSE Linux Enterprise Server 11 SP1
  • lcms >= 1.17-77.14.19
  • liblcms1 >= 1.17-77.14.19
  • liblcms1-32bit >= 1.17-77.14.19
  • liblcms1-x86 >= 1.17-77.14.19
  • mozilla-xulrunner190 >= 1.9.0.19-0.1.1
  • mozilla-xulrunner190-32bit >= 1.9.0.19-0.1.1
  • mozilla-xulrunner190-gnomevfs >= 1.9.0.19-0.1.1
  • mozilla-xulrunner190-translations >= 1.9.0.19-0.1.1
  • mozilla-xulrunner190-x86 >= 1.9.0.19-0.1.1
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA lcms
SUSE Linux Enterprise Server 11 SP1 GA mozilla-xulrunner190
SUSE Linux Enterprise Server 11 SP2
  • lcms >= 1.17-77.14.19
  • liblcms1 >= 1.17-77.14.19
  • liblcms1-32bit >= 1.17-77.14.19
  • liblcms1-x86 >= 1.17-77.14.19
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA lcms
SUSE Linux Enterprise Server 11 SP3
  • lcms >= 1.17-77.14.19
  • liblcms1 >= 1.17-77.14.19
  • liblcms1-32bit >= 1.17-77.14.19
  • liblcms1-x86 >= 1.17-77.14.19
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA lcms
SUSE Linux Enterprise Server 11 SP4
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA lcms
SUSE Linux Enterprise Server 12
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Server 12 GA liblcms1
SUSE Linux Enterprise Server 12 SP1
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA liblcms1
SUSE Linux Enterprise Server 12 SP2
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA liblcms1
SUSE Linux Enterprise Server 12 SP3
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA liblcms1
SUSE Linux Enterprise Server 12 SP4
  • liblcms1 >= 1.19-17.31
  • liblcms1-32bit >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Server 12 SP4 GA liblcms1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • liblcms1 >= 1.19-17.28
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA liblcms1
SUSE Linux Enterprise Software Development Kit 11 SP4
  • liblcms-devel >= 1.17-77.16.1
  • liblcms-devel-32bit >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA liblcms-devel
SUSE Linux Enterprise Software Development Kit 12
  • liblcms-devel >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA liblcms-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • liblcms-devel >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA liblcms-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • liblcms-devel >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA liblcms-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • liblcms-devel >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA liblcms-devel
SUSE Linux Enterprise Software Development Kit 12 SP4
  • liblcms-devel >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA liblcms-devel
SUSE Linux Enterprise Workstation Extension 12
  • lcms >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA lcms
SUSE Linux Enterprise Workstation Extension 12 SP1
  • lcms >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA lcms
SUSE Linux Enterprise Workstation Extension 12 SP2
  • lcms >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA lcms
SUSE Linux Enterprise Workstation Extension 12 SP3
  • lcms >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA lcms
SUSE Linux Enterprise Workstation Extension 12 SP4
  • lcms >= 1.19-17.31
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP4 GA lcms
openSUSE 11.0
  • java-1_6_0-openjdk-debuginfo >= 1.5.1_b16-0.1
  • java-1_6_0-openjdk-debugsource >= 1.5.1_b16-0.1
openSUSE 11.0
  • java-1_6_0-openjdk >= 1.5.1_b16-0.1
  • java-1_6_0-openjdk-demo >= 1.5.1_b16-0.1
  • java-1_6_0-openjdk-devel >= 1.5.1_b16-0.1
  • java-1_6_0-openjdk-javadoc >= 1.5.1_b16-0.1
  • java-1_6_0-openjdk-plugin >= 1.5.1_b16-0.1
  • java-1_6_0-openjdk-src >= 1.5.1_b16-0.1
openSUSE 11.1
  • java-1_6_0-openjdk-debuginfo >= 1.5.1_b16-0.1.2
  • java-1_6_0-openjdk-debugsource >= 1.5.1_b16-0.1.2
openSUSE 11.1
  • java-1_6_0-openjdk >= 1.5.1_b16-0.1.2
  • java-1_6_0-openjdk-demo >= 1.5.1_b16-0.1.2
  • java-1_6_0-openjdk-devel >= 1.5.1_b16-0.1.2
  • java-1_6_0-openjdk-javadoc >= 1.5.1_b16-0.1.2
  • java-1_6_0-openjdk-plugin >= 1.5.1_b16-0.1.2
  • java-1_6_0-openjdk-src >= 1.5.1_b16-0.1.2
openSUSE Leap 42.1
  • liblcms-devel >= 1.19-19.1
  • liblcms1 >= 1.19-19.1
  • liblcms1-32bit >= 1.19-19.1
  • python-lcms >= 1.19-19.1
Patchnames:
openSUSE Leap 42.1 GA liblcms-devel
openSUSE Leap 42.2
  • liblcms-devel >= 1.19-20.4
  • liblcms1 >= 1.19-20.4
  • liblcms1-32bit >= 1.19-20.4
  • python-lcms >= 1.19-20.4
Patchnames:
openSUSE Leap 42.2 GA liblcms-devel
openSUSE Leap 42.3
  • liblcms-devel >= 1.19-22.3
  • liblcms1 >= 1.19-22.3
  • liblcms1-32bit >= 1.19-22.3
  • python-lcms >= 1.19-22.3
Patchnames:
openSUSE Leap 42.3 GA liblcms-devel
openSUSE Tumbleweed
  • lcms >= 1.19-19.8
  • liblcms-devel >= 1.19-19.8
  • liblcms-devel-32bit >= 1.19-19.8
  • liblcms1 >= 1.19-19.8
  • liblcms1-32bit >= 1.19-19.8
  • python-lcms >= 1.19-19.8
Patchnames:
openSUSE Tumbleweed GA lcms