CVE-2008-5316

Name of the Vulnerable Software and Affected Versions lcms versions 1.15 lcms-devel versions 1.15

Description The issue involves multiple vulnerabilities in the lcms package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow vulnerability exists in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine before version 1.16, allowing attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of the input file.

Recommendations For lcms versions 1.15, update to version 1.16 or later to resolve the issue. For lcms-devel versions 1.15, update to version 1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable lcms package until a patch is available.