Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2008-5317 | First vendor Publication | 2008-12-03 |
Vendor | Cve | Last vendor Modification | 2018-10-03 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5317
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10685 | |||
Oval ID: | oval:org.mitre.oval:def:10685 | ||
Title: | Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. | ||
Description: | Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5317 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17502 | |||
Oval ID: | oval:org.mitre.oval:def:17502 | ||
Title: | USN-693-1 -- LittleCMS vulnerability | ||
Description: | It was discovered that certain gamma operations in lcms were not correctly bounds-checked. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-693-1, CVE-2008-5317 | Version: | 7 |
Platform(s): | Ubuntu 7.10, Ubuntu 8.04, Ubuntu 8.10 | Product(s): | lcms |
Definition Id: oval:org.mitre.oval:def:17627 | |||
Oval ID: | oval:org.mitre.oval:def:17627 | ||
Title: | USN-652-1 -- lcms vulnerability | ||
Description: | Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-652-1, CVE-2007-2741, CVE-2008-5316, CVE-2008-5317 | Version: | 7 |
Platform(s): | Ubuntu 6.06 | Product(s): | lcms |
Definition Id: oval:org.mitre.oval:def:18632 | |||
Oval ID: | oval:org.mitre.oval:def:18632 | ||
Title: | DSA-1684-1 lcms - multiple vulnerabilities | ||
Description: | Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1684-1, CVE-2008-5316, CVE-2008-5317 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | lcms |
Definition Id: oval:org.mitre.oval:def:21820 | |||
Oval ID: | oval:org.mitre.oval:def:21820 | ||
Title: | ELSA-2009:0011: lcms security update (Moderate) | ||
Description: | Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0011-01, CVE-2008-5316, CVE-2008-5317 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | lcms |
Definition Id: oval:org.mitre.oval:def:29300 | |||
Oval ID: | oval:org.mitre.oval:def:29300 | ||
Title: | RHSA-2009:0011 -- lcms security update (Moderate) | ||
Description: | Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0011, CESA-2009:0011-CentOS 5, CVE-2008-5316, CVE-2008-5317 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5, CentOS Linux 5 | Product(s): | lcms |
Definition Id: oval:org.mitre.oval:def:7206 | |||
Oval ID: | oval:org.mitre.oval:def:7206 | ||
Title: | DSA-1684 lcms -- multiple vulnerabilities | ||
Description: | Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems: Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened. An integer sign error in reading image gamma data could allow an attacker to cause an under-sized buffer to be allocated for subsequent image data, with unknown consequences potentially including the execution of arbitrary code if a maliciously-crafted image is opened. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1684, CVE-2008-5316, CVE-2008-5317 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | lcms |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for lcms CESA-2009:0011 centos5 i386 File : nvt/gb_CESA-2009_0011_lcms_centos5_i386.nasl |
2009-03-23 | Name : Ubuntu Update for LittleCMS vulnerability USN-693-1 File : nvt/gb_ubuntu_USN_693_1.nasl |
2009-01-13 | Name : CentOS Security Advisory CESA-2009:0011 (lcms) File : nvt/ovcesa2009_0011.nasl |
2009-01-07 | Name : RedHat Security Advisory RHSA-2009:0011 File : nvt/RHSA_2009_0011.nasl |
2008-12-23 | Name : Debian Security Advisory DSA 1684-1 (lcms) File : nvt/deb_1684_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50584 | Little CMS Color Engine (lcms) src/cmsgamma.c cmsAllocGamma Function Unspecif... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0011.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090107_lcms_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0011.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-652-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-693-1.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0011.nasl - Type : ACT_GATHER_INFO |
2008-12-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1684.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Information |
---|---|
2021-05-05 01:05:17 | |
2021-05-04 12:08:26 | |
2021-04-22 01:08:47 | |
2020-05-24 01:05:05 | |
2020-05-23 00:22:39 | |
2018-10-04 00:19:33 | |
2017-09-29 09:23:50 | |
2017-08-08 09:24:32 | |
2017-02-19 12:02:04 | |
2016-04-26 18:04:52 | |
2014-02-17 10:47:28 | |
2013-05-11 00:31:39 | |
2012-11-07 00:18:40 | |