Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5317

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5317
Last Modified 30 Oct 2012 11:07:24
Published 03 Dec 2008 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5317

Summary

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

Vulnerable Systems

Application

  • Littlecms Lcms 1.07

  • Littlecms Lcms 1.08

  • Littlecms Lcms 1.09

  • Littlecms Lcms 1.10

  • Littlecms Lcms 1.11

  • Littlecms Lcms 1.12

  • Littlecms Lcms 1.13

  • Littlecms Lcms 1.14

  • Littlecms Lcms 1.15

  • Littlecms Lcms 1.16

  • Littlecms Little Cms Color Engine 1.07

  • Littlecms Little Cms Color Engine 1.08

  • Littlecms Little Cms Color Engine 1.09

  • Littlecms Little Cms Color Engine 1.10

  • Littlecms Little Cms Color Engine 1.11

  • Littlecms Little Cms Color Engine 1.12

  • Littlecms Little Cms Color Engine 1.13

  • Littlecms Little Cms Color Engine 1.14

  • Littlecms Little Cms Color Engine 1.15

  • Littlecms Little Cms Color Engine 1.16


References

CONFIRM - http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17

XF - lcms-cmsallocgamma-bo(47120)

UBUNTU - USN-693-1

BID - 32708

MLIST - [oss-security] 20081128 CVE request: lcms (old issues)

DEBIAN - DSA-1684

SECUNIA - 33219

SECUNIA - 33066

REDHAT - RHSA-2009:0011


Last Updated: 27 May 2016 10:49:47