[SECURITY] [DLA 1496-1] lcms2 security update

ID DEBIAN:DLA-1496-1:2F059
Type debian
Reporter Debian
Modified 2018-09-06T09:21:06


Package : lcms2 Version : 2.6-3+deb8u2 CVE ID : CVE-2018-16435 Debian Bug : #907983

It was discovered that there was an integer overflow vulnerability in the "Little CMS 2" colour management library. A specially-crafted input file could lead to a heap-based buffer overflow.

For Debian 8 "Jessie", this issue has been fixed in lcms2 version 2.6-3+deb8u2.

We recommend that you upgrade your lcms2 packages.


 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk