DSA-1684 lcms -- multiple vulnerabilitiesID: oval:org.mitre.oval:def:7206 | Date: (C)2009-12-15 (M)2022-10-10 |
Class: PATCH | Family: unix |
Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems: Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the stack, potentially enabling the execution of arbitrary code when a maliciously-crafted image is opened. An integer sign error in reading image gamma data could allow an attacker to cause an under-sized buffer to be allocated for subsequent image data, with unknown consequences potentially including the execution of arbitrary code if a maliciously-crafted image is opened.