Debian Security Advisory DSA 1684-1 (lcms)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host is missing an update to lcms announced via advisory DSA 1684-1.
Insight
Two vulnerabilities have been found in lcms, a library and set of command-line utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-5316: Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously crafted image is opened.
CVE-2008-5317: An integer sign error in reading image gamma data could allow an attacker to cause an under-sized buffer to be allocated for subsequent image data, with unknown consequences potentially including the execution of arbitrary code if a maliciously crafted image is opened.
For the stable distribution (etch), these problems have been fixed in version 1.14-1.1+etch1.
For the upcoming stable distribution (lenny) and the unstable distribution (sid), these problems are fixed in version 1.17.dfsg-1.
We recommend that you upgrade your lcms packages.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201684-1