Oval Definition:oval:org.mitre.oval:def:7412
Revision Date:2014-06-23
Version:18
Title:DSA-1745 lcms -- several vulnerabilities
Description:Several security issues have been discovered in lcms, a color management library. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans discovered that lcms is affected by a memory leak, which could result in a denial of service via specially crafted image files. Chris Evans discovered that lcms is prone to several integer overflows via specially crafted image files, which could lead to the execution of arbitrary code. Chris Evans discovered the lack of upper-bounds check on sizes leading to a buffer overflow, which could be used to execute arbitrary code.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):CVE-2009-0581
CVE-2009-0723
CVE-2009-0733
DSA-1745
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):lcms
Definition Synopsis
  • Release section
    • Debian GNU/Linux 5.0 is installed
    • AND Supported architectures section
      • Installed architecture is s390
      • OR Installed architecture is amd64
      • OR Installed architecture is sparc
      • OR Installed architecture is arm
      • OR Installed architecture is i386
      • OR Installed architecture is armel
      • OR Installed architecture is mips
      • OR Installed architecture is ia64
      • OR Installed architecture is alpha
      • OR Installed architecture is powerpc
      • OR Installed architecture is mipsel
      • OR Installed architecture is hppa
    • AND Packages section
      • liblcms1-dev is earlier than 1.17.dfsg-1+lenny1
      • OR liblcms1 is earlier than 1.17.dfsg-1+lenny1
      • OR liblcms-utils is earlier than 1.17.dfsg-1+lenny1
      • OR python-liblcms is earlier than 1.17.dfsg-1+lenny1
  • OR Release section
    • Debian GNU/Linux 4.0 is installed.
    • AND Packages section
      • liblcms1-dev is earlier than 1.15-1.1+etch2
      • OR liblcms-utils is earlier than 1.15-1.1+etch2
      • OR liblcms1 is earlier than 1.15-1.1+etch2