
Vigil@nce: Little CMS, denial of service via monochrome

May 2009 by Vigil@nce

An image with a malicious ICC profile can trigger a NULL pointer dereference in Little CMS.

- Severity: 1/4
- Consequences: denial of service of client
- Provenance: document
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 11/05/2009


- Fedora
- Unix - platform


The Little CMS (lcms, Color Management System) library handles images.

The ICC (International Color Consortium) profile defines color variations needed by each device in order to display identical colors. Some image types, such as JPEG or PNG, can contain ICC profiles.

The cmsBuildGrayOutputMatrixShaper() function of the src/cmsxform.c file of Little CMS reads the monochrome ICC profile of an image. When the profile is invalid, the cmsReadICCGamma() function returns a NULL pointer, which is dereferenced in cmsBuildGrayOutputMatrixShaper().

An attacker can therefore invite the victim to open a malicious image in an application using a monochrome display, in order to stop the application.
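The missing check described above, shown as an added example that is not code from Little CMS or from this advisory. The names `profile_t`, `gamma_t`, `read_gray_gamma()` and the two `shaper_last_*` functions are hypothetical stand-ins, with `read_gray_gamma()` playing the role of cmsReadICCGamma().

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the library's types; not the lcms definitions. */
typedef struct { unsigned n; unsigned short v[256]; } gamma_t;
typedef struct { int has_gray_trc; unsigned entries; } profile_t; /* constructed */

/* Plays the role of cmsReadICCGamma(): NULL when the tag is absent or invalid. */
static gamma_t *read_gray_gamma(const profile_t *p) {
    if (!p->has_gray_trc || p->entries == 0 || p->entries > 256) return NULL;
    gamma_t *g = calloc(1, sizeof *g);
    if (!g) return NULL;
    g->n = p->entries;
    for (unsigned i = 0; i < g->n; i++)   /* linear ramp as sample curve data */
        g->v[i] = (unsigned short)(g->n > 1 ? (65535u * i) / (g->n - 1) : 65535u);
    return g;
}

/* Pattern from the advisory: the result is used without a NULL check.
   Shown for comparison only; it is never called in this example. */
unsigned short shaper_last_unchecked(const profile_t *p) {
    gamma_t *g = read_gray_gamma(p);
    unsigned short last = g->v[g->n - 1];  /* NULL dereference on invalid profile */
    free(g);
    return last;
}

/* Hardened form: an invalid profile becomes an error the caller can handle.
   Returns 0 on success, -1 when the gray curve cannot be read. */
int shaper_last_checked(const profile_t *p, unsigned short *out) {
    gamma_t *g = read_gray_gamma(p);
    if (g == NULL) return -1;
    *out = g->v[g->n - 1];
    free(g);
    return 0;
}

int main(void) {
    profile_t good = {1, 256}, bad = {1, 0};  /* constructed sample profiles */
    unsigned short v = 0;
    printf("valid profile:   %d\n", shaper_last_checked(&good, &v));
    printf("invalid profile: %d\n", shaper_last_checked(&bad, &v));
    return 0;
}
```
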


- Identifiers: CVE-2009-0793, FEDORA-2009-3425, FEDORA-2009-3426, FEDORA-2009-3914, FEDORA-2009-3967, VIGILANCE-VUL-8700
- Url:
