CVE-2008-5317
03.12.2008, 17:30
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.Enginsight
| Vendor | Product | Version |
|---|---|---|
| littlecms | lcms | 𝑥 ≤ 1.16 |
| littlecms | lcms | 1.07 |
| littlecms | lcms | 1.08 |
| littlecms | lcms | 1.09 |
| littlecms | lcms | 1.10 |
| littlecms | lcms | 1.11 |
| littlecms | lcms | 1.12 |
| littlecms | lcms | 1.13 |
| littlecms | lcms | 1.14 |
| littlecms | lcms | 1.15 |
| littlecms | little_cms_color_engine | 𝑥 ≤ 1.16 |
| littlecms | little_cms_color_engine | 1.07 |
| littlecms | little_cms_color_engine | 1.08 |
| littlecms | little_cms_color_engine | 1.09 |
| littlecms | little_cms_color_engine | 1.10 |
| littlecms | little_cms_color_engine | 1.11 |
| littlecms | little_cms_color_engine | 1.12 |
| littlecms | little_cms_color_engine | 1.13 |
| littlecms | little_cms_color_engine | 1.14 |
| littlecms | little_cms_color_engine | 1.15 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Common Weakness Enumeration
References