CVE-2008-5317 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-5317
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5317

Description: Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/47120 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-693-1 SAID Secunia Advisory: SA33066 Secunia Advisory: SA33219 MLIST http://www.openwall.com/lists/oss-security/2008/11/28/3 DEBIAN http://www.debian.org/security/2008/dsa-1684 CONFIRM http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17 BID 32708

Return to the previous page.