MDKSA-2007:238

Package name

liblcms

Date

2007-12-06

Advisory ID

MDKSA-2007:238

Affected versions

CS3.0 i586 , CS4.0 x86_64 , CS3.0 x86_64 , CS4.0 i586

Problem description

Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows
remote attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file.

Updated package fixes this issue.

Updated packages

CS3.0 i586

 67235f6fbaa2e362cc0c1d52649d18d3  corporate/3.0/i586/liblcms1-1.10-1.1.C30mdk.i586.rpm
 805fa6864cf88a13b941ec4e413c71e0  corporate/3.0/i586/liblcms1-devel-1.10-1.1.C30mdk.i586.rpm 
 293cca953384a2f3bac3cc2ea65b1b55  corporate/3.0/SRPMS/liblcms-1.10-1.1.C30mdk.src.rpm

CS4.0 x86_64

 79be0e773bb6dd1736e5249801dedd36  corporate/4.0/x86_64/lib64lcms1-1.14-1.1.20060mlcs4.x86_64.rpm
 f4b498d695b67bdb99598c8d752c9176  corporate/4.0/x86_64/lib64lcms1-devel-1.14-1.1.20060mlcs4.x86_64.rpm 
 2bea4f9e697ab0ff649e626f4d66681c  corporate/4.0/SRPMS/liblcms-1.14-1.1.20060mlcs4.src.rpm

CS3.0 x86_64

 78a9e7f2ea86ff138e07237c3b5d5bbe  corporate/3.0/x86_64/lib64lcms1-1.10-1.1.C30mdk.x86_64.rpm
 d5e8741839d23244b7cb357ef3cf8dbf  corporate/3.0/x86_64/lib64lcms1-devel-1.10-1.1.C30mdk.x86_64.rpm 
 293cca953384a2f3bac3cc2ea65b1b55  corporate/3.0/SRPMS/liblcms-1.10-1.1.C30mdk.src.rpm

CS4.0 i586

 005f430298518600444476df0864ae5d  corporate/4.0/i586/liblcms1-1.14-1.1.20060mlcs4.i586.rpm
 9ddc51c13d7b905cc519b1e01923001d  corporate/4.0/i586/liblcms1-devel-1.14-1.1.20060mlcs4.i586.rpm 
 2bea4f9e697ab0ff649e626f4d66681c  corporate/4.0/SRPMS/liblcms-1.14-1.1.20060mlcs4.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2741
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5316
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5317