oss-sec mailing list archives

Re: CVE request: lcms (old issues)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 3 Dec 2008 11:52:59 -0500 (EST)


======================================================
Name: CVE-2008-5316
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5316
Reference: MLIST:[oss-security] 20081128 CVE request: lcms (old issues)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/28/3
Reference: CONFIRM:http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in
Little cms color engine (aka lcms) before 1.16 allows attackers to
have an unknown impact via vectors related to a length parameter
inconsistency involving the contents of "the input file," a different
vulnerability than CVE-2007-2741.


======================================================
Name: CVE-2008-5317
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5317
Reference: MLIST:[oss-security] 20081128 CVE request: lcms (old issues)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/28/3
Reference: CONFIRM:http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17

Integer signedness error in the cmsAllocGamma function in
src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17
allows attackers to have an unknown impact via a file containing a
certain "number of entries" value, which is interpreted improperly,
leading to an allocation of insufficient memory.

Current thread:

CVE request: lcms (old issues) Tomas Hoger (Nov 28)
- Re: CVE request: lcms (old issues) Steven M. Christey (Dec 03)