CVE-2008-5316Improper Input Validation in Lcms

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
10.0CRITICALNVD
CNA9.3
EPSS
1.8%
top 16.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Littlecms LcmsLittlecms Little CMS Color Engine
Timeline
PublishedDec 3
Latest updateMay 17

Description

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDlittlecms/lcms1.15+8

Patches

Patch: lcms.cvs.sourceforge.netPatch: lcms.cvs.sourceforge.net

🔴Vulnerability Details

2
GHSA
GHSA-hwr4-gr5c-2vfm: Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio12022-05-17
CVEList
CVE-2008-5316: Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio12008-12-03

📋Vendor Advisories

2
Ubuntu
LittleCMS vulnerability2008-10-14
Red Hat
lcms: insufficient input validation in ReadEmbeddedTextTag2007-11-22

💬Community

1
Bugzilla
CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag2008-11-28
CVE-2008-5316 — Improper Input Validation in Lcms | cvebase