CVE-2008-5316
Summary
| CVE | CVE-2008-5316 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-03 17:30:00 UTC |
| Updated | 2017-09-29 01:32:00 UTC |
| Description | Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Littlecms | Lcms | 1.07 | All | All | All |
| Application | Littlecms | Lcms | 1.08 | All | All | All |
| Application | Littlecms | Lcms | 1.09 | All | All | All |
| Application | Littlecms | Lcms | 1.10 | All | All | All |
| Application | Littlecms | Lcms | 1.11 | All | All | All |
| Application | Littlecms | Lcms | 1.12 | All | All | All |
| Application | Littlecms | Lcms | 1.13 | All | All | All |
| Application | Littlecms | Lcms | 1.14 | All | All | All |
| Application | Littlecms | Lcms | 1.07 | All | All | All |
| Application | Littlecms | Lcms | 1.08 | All | All | All |
| Application | Littlecms | Lcms | 1.09 | All | All | All |
| Application | Littlecms | Lcms | 1.10 | All | All | All |
| Application | Littlecms | Lcms | 1.11 | All | All | All |
| Application | Littlecms | Lcms | 1.12 | All | All | All |
| Application | Littlecms | Lcms | 1.13 | All | All | All |
| Application | Littlecms | Lcms | 1.14 | All | All | All |
| Application | Littlecms | Lcms | All | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.07 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.08 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.09 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.10 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.11 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.12 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.13 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.14 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.07 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.08 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.09 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.10 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.11 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.12 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.13 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | 1.14 | All | All | All |
| Application | Littlecms | Little Cms Color Engine | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - CVE request: lcms (old issues) | MLIST | www.openwall.com | Exploit |
| Debian update for lcms - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Debian -- Security Information -- DSA-1684-1 lcms | DEBIAN | www.debian.org | |
| CVS Info for project lcms | CONFIRM | lcms.cvs.sourceforge.net | Exploit, Patch |
| Little CMS Buffer Overflow and Integer Signedness Vulnerabilities | BID | www.securityfocus.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Support | REDHAT | www.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.