Your submission was sent successfully! Close

CVE-2008-5317

Published: 03 December 2008

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

Priority

Medium

Status

Package Release Status
lcms
Launchpad, Ubuntu, Debian
Upstream
Released (1.17)