OSV:DSA-1684-1
History: Dec 10, 2008 - 12:00 a.m.

lcms - multiple vulnerabilities

2008-12-10 00:00:00 | Google | osv.dev

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.011 Low
Percentile: 82.3%

Two vulnerabilities have been found in lcms, a library and set of
command-line utilities for image color management. The Common
Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2008-5316
    Inadequate enforcement of fixed-length buffer limits allows an
    attacker to overflow a buffer on the stack, potentially enabling
    the execution of arbitrary code when a maliciously-crafted
    image is opened.
  • CVE-2008-5317
    An integer sign error in reading image gamma data could allow an
    attacker to cause an under-sized buffer to be allocated for
    subsequent image data, with unknown consequences potentially
    including the execution of arbitrary code if a maliciously-crafted
    image is opened.

For the stable distribution (etch), these problems have been fixed in
version 1.15-1.1+etch1.

For the upcoming stable distribution (lenny), and the unstable
distribution (sid), these problems are fixed in version 1.17.dfsg-1.

We recommend that you upgrade your lcms packages.

CPE Name    Operator    Version
lcms        eq          1.15-1
