CVE-2008-5317

2008-12-0317:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve

2008

5317

integer signedness error

cmsallocgamma

lcms

color engine

security

vulnerability

nvd

6.1 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

85.0%

JSON

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain “number of entries” value, which is interpreted improperly, leading to an allocation of insufficient memory.

CPENameOperatorVersion
littlecms:little_cms_color_enginelittlecms little cms color engineeq1.15
littlecms:lcmslittlecms lcmsle1.16
littlecms:lcmslittlecms lcmseq1.08
littlecms:little_cms_color_enginelittlecms little cms color engineeq1.12
littlecms:lcmslittlecms lcmseq1.14
littlecms:little_cms_color_enginelittlecms little cms color engineeq1.13
littlecms:lcmslittlecms lcmseq1.15
littlecms:little_cms_color_enginelittlecms little cms color engineeq1.11
littlecms:little_cms_color_enginelittlecms little cms color engineeq1.08
littlecms:lcmslittlecms lcmseq1.07

CPE	Name	Operator	Version
littlecms:little_cms_color_engine	littlecms little cms color engine	eq	1.15
littlecms:lcms	littlecms lcms	le	1.16
littlecms:lcms	littlecms lcms	eq	1.08
littlecms:little_cms_color_engine	littlecms little cms color engine	eq	1.12
littlecms:lcms	littlecms lcms	eq	1.14
littlecms:little_cms_color_engine	littlecms little cms color engine	eq	1.13
littlecms:lcms	littlecms lcms	eq	1.15
littlecms:little_cms_color_engine	littlecms little cms color engine	eq	1.11
littlecms:little_cms_color_engine	littlecms little cms color engine	eq	1.08
littlecms:lcms	littlecms lcms	eq	1.07