Integer Signedness Error in Little cms Color Engine
CVE-2008-5317

Currently unrated

Key Information:

Vendor: Littlecms
Status: Little Cms Color Engine; Lcms
Vendor: CVE Published:; 3 December 2008

What is CVE-2008-5317?

An integer signedness error exists in the cmsAllocGamma function of the Little cms color engine prior to version 1.17. Attackers can exploit this vulnerability by providing a specially crafted file that contains a manipulated 'number of entries' value. This value is incorrectly interpreted, potentially leading to insufficient memory allocation which could facilitate further exploitation or system instability.

References

http://secunia.com/advisories/33219

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/32708

vdb-entryx_refsource_BID

http://secunia.com/advisories/33066

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2008
Vulnerability Reserved
Dec 3, 2008

CVE-2008-5317 Data

JSON

Littlecms

What is CVE-2008-5317?

References

Timeline