Lucene search

Gentoo FoundationMGASA-2013-0240

HistoryAug 09, 2013 - 9:30 p.m.

Updated lcms2 packages fixes security vulnerability

2013-08-0921:30:53

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON

It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash (CVE-2013-4160).

OSVersionArchitecturePackageVersionFilename
Mageia2noarchlcms2< 2.5-1lcms2-2.5-1.mga2
Mageia3noarchlcms2< 2.5-1lcms2-2.5-1.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	2	noarch	lcms2	< 2.5-1	lcms2-2.5-1.mga2
Mageia	3	noarch	lcms2	< 2.5-1	lcms2-2.5-1.mga3

References

www.ubuntu.com/usn/usn-1911-1/

bugs.mageia.org/show_bug.cgi?id=10816

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON

Related for MGASA-2013-0240