Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5316

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5316
Last Modified 30 Oct 2012 11:07:24
Published 03 Dec 2008 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5316

Summary

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.

Vulnerable Systems

Application

  • Littlecms Lcms 1.07

  • Littlecms Lcms 1.08

  • Littlecms Lcms 1.09

  • Littlecms Lcms 1.10

  • Littlecms Lcms 1.11

  • Littlecms Lcms 1.12

  • Littlecms Lcms 1.13

  • Littlecms Lcms 1.14

  • Littlecms Lcms 1.15

  • Littlecms Little Cms Color Engine 1.07

  • Littlecms Little Cms Color Engine 1.08

  • Littlecms Little Cms Color Engine 1.09

  • Littlecms Little Cms Color Engine 1.10

  • Littlecms Little Cms Color Engine 1.11

  • Littlecms Little Cms Color Engine 1.12

  • Littlecms Little Cms Color Engine 1.13

  • Littlecms Little Cms Color Engine 1.14

  • Littlecms Little Cms Color Engine 1.15


References

CONFIRM - http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34

XF - lcms-readembeddedtexttag-bo(47119)

BID - 32708

MLIST - [oss-security] 20081128 CVE request: lcms (old issues)

DEBIAN - DSA-1684

SECUNIA - 33066

REDHAT - RHSA-2009:0011


Last Updated: 27 May 2016 10:49:47