USN-652-1: LittleCMS vulnerability
14 October 2008
LittleCMS vulnerability
Releases
Packages
- lcms -
Details
Chris Evans discovered that certain ICC operations in lcms were not
correctly bounds-checked. If a user or automated system were tricked
into processing an image with malicious ICC tags, a remote attacker could
crash applications linked against liblcms1, leading to a denial of service,
or possibly execute arbitrary code with user privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 6.06
In general, a standard system upgrade is sufficient to effect the
necessary changes.
References
Related notices
- USN-693-1: lcms, liblcms1