CVE-2008-5317

Name of the Vulnerable Software and Affected Versions lcms versions 1.15 through 1.16 lcms-devel versions 1.15 through 1.16

Description The issue is related to multiple vulnerabilities in the lcms package, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. A specific error, an integer signedness error in the cmsAllocGamma function, allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

Recommendations For lcms versions 1.15 through 1.16, update to version 1.17 or later to resolve the issue. For lcms-devel versions 1.15 through 1.16, update to version 1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the cmsAllocGamma function until a patch is available.