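Vulnerability Details
Little CMS CMSAllocGamma Buffer Overflow and Integer Signedness Vulnerability
- CNNVD ID: CNNVD-200812-037
- Severity: High
- CVE ID: CVE-2008-5317
- Vulnerability type: Numeric error
- Published: 2008-12-03
- Threat type: Remote
- Updated: 2009-02-06
- Vendor: littleCMS
- Vulnerability source: The vendor
Vulnerability Summary
Little CMS is a color management library.
The CMSAllocGamma function in src/CMSgamma.c in the Little CMS color engine (also known as lCMS) before version 1.17 contains a signed integer error. An attacker can cause an unknown impact by means of a file containing a certain "number of entries" value. Because the value is not interpreted properly, insufficient memory is allocated.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: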
Debian Linux 4.0 arm
Debian liblCMS-utils_1.15-1.1+etch1_arm.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_arm.deb
Debian liblCMS1-dev_1.15-1.1+etch1_arm.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_arm.deb
Debian liblCMS1_1.15-1.1+etch1_arm.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_arm.deb
Debian Linux 4.0 powerpc
Debian liblCMS-utils_1.15-1.1+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_powerpc.deb
Debian liblCMS1-dev_1.15-1.1+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_powerpc.deb
Debian liblCMS1_1.15-1.1+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_powerpc.deb
Debian Linux 4.0 amd64
Debian liblCMS-utils_1.15-1.1+etch1_amd64.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_amd64.deb
Debian liblCMS1-dev_1.15-1.1+etch1_amd64.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_amd64.deb
Debian liblCMS1_1.15-1.1+etch1_amd64.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_amd64.deb
Debian Linux 4.0 ia-32
Debian liblCMS-utils_1.15-1.1+etch1_i386.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_i386.deb
Debian liblCMS1-dev_1.15-1.1+etch1_i386.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_i386.deb
Debian liblCMS1_1.15-1.1+etch1_i386.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_i386.deb
Debian Linux 4.0 hppa
Debian liblCMS-utils_1.15-1.1+etch1_hppa.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_hppa.deb
Debian liblCMS1-dev_1.15-1.1+etch1_hppa.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_hppa.deb
Debian liblCMS1_1.15-1.1+etch1_hppa.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_hppa.deb
Debian Linux 4.0 sparc
Debian liblCMS-utils_1.15-1.1+etch1_sparc.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_sparc.deb
Debian liblCMS1-dev_1.15-1.1+etch1_sparc.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_sparc.deb
Debian liblCMS1_1.15-1.1+etch1_sparc.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_sparc.deb
Debian Linux 4.0 s/390
Debian liblCMS-utils_1.15-1.1+etch1_s390.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_s390.deb
Debian liblCMS1-dev_1.15-1.1+etch1_s390.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_s390.deb
Debian liblCMS1_1.15-1.1+etch1_s390.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_s390.deb
Debian Linux 4.0 alpha
Debian liblCMS-utils_1.15-1.1+etch1_alpha.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_alpha.deb
Debian liblCMS1-dev_1.15-1.1+etch1_alpha.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_alpha.deb
Debian liblCMS1_1.15-1.1+etch1_alpha.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_alpha.deb
Debian Linux 4.0 mipsel
Debian liblCMS-utils_1.15-1.1+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS-utils_1.15-1.1+etch1_mipsel.deb
Debian liblCMS1-dev_1.15-1.1+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1-dev_1.15-1.1+etch1_mipsel.deb
Debian liblCMS1_1.15-1.1+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/l/lCMS/liblCMS1_1.15-1.1+etch1_mipsel.deb
Debian Linux 4.0 ia-64
Debian liblCMS-utils_1.15-1.1+etch1_ia64.deb
http://security.debian.org/pool/updates/main/l
References
Source: lCMS.cvs.sourceforge.net
Link: http://lCMS.cvs.sourceforge.net/viewvc/lCMS/lCMS/src/CMSgamma.c?view=diff&r1=1.16&r2=1.17
Source: XF
Name: lCMS-CMSallocgamma-bo(47120)
Link: http://xforce.iss.net/xforce/xfdb/47120
Source: UBUNTU
Name: USN-693-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-693-1
Source: BID
Name: 32708
Link: http://www.securityfocus.com/bid/32708
Source: MLIST
Name: [oss-security] 20081128 CVE request: lCMS (old issues)
Link: http://www.openwall.com/lists/oss-security/2008/11/28/3
Source: DEBIAN
Name: DSA-1684
Link: http://www.debian.org/security/2008/dsa-1684
Source: SECUNIA
Name: 33219
Link: http://secunia.com/advisories/33219
Source: SECUNIA
Name: 33066
Link: http://secunia.com/advisories/33066
Affected Entities
Patches
None available