CVE-2008-5316

Published: 03/12/2008 Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) prior to 1.16 allows malicious users to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.

Vulnerable Product

littlecms lcms 1.08

littlecms lcms 1.07

littlecms lcms 1.10

littlecms lcms 1.09

littlecms little cms color engine 1.09

littlecms little cms color engine 1.08

littlecms lcms 1.14

littlecms lcms 1.13

littlecms little cms color engine 1.14

littlecms little cms color engine 1.13

littlecms little cms color engine 1.12

littlecms lcms

littlecms lcms 1.12

littlecms lcms 1.11

littlecms little cms color engine 1.11

littlecms little cms color engine 1.10

littlecms little cms color engine 1.07

littlecms little cms color engine

Vendor Advisories

Synopsis: Moderate: lcms security update. Type/Severity: Security Advisory: Moderate. Topic: Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Desc ...
Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges ...
Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5316: Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling ...