Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 10: FEDORA-2009-3011 Critical: Integer Overflow in Argyllcms

fedora
Calendar Grey March 25, 2009
Dist Fedora Esm H88
A vulnerability identified in the Argyll content management system may enable arbitrary code execution via manipulated image uploads, necessitating urgent remediation.
Multiple integer overflows were found in the International Color Consortium Format Library (icclib)

Summary

The Argyll color management system supports accurate ICC profile creation for

scanners, CMYK printers, film recorders and calibration and profiling of

displays.

Spectral sample data is supported, allowing a selection of illuminants observer

types, and paper fluorescent whitener additive compensation. Profiles can also

incorporate source specific gamut mappings for perceptual and saturation

intents. Gamut mapping and profile linking uses the CIECAM02 appearance model,

a unique gamut mapping algorithm, and a wide selection of rendering intents. It

also includes code for the fastest portable 8 bit raster color conversion

engine available anywhere, as well as support for fast, fully accurate 16 bit

conversion. Device color gamuts can also be viewed and compared using a VRML

viewer.

Multiple integer overflows were found in the International Color Consortium

Format Library (icclib). An attacker could use this flaw to potentially execute

arbitrary code by requesting to translate a specially- crafted image file

created on one device into another's device native color space via a device

file.

* Mon Mar 23 2009 Jon Ciesla - 1.0.3-3

- Patch for ICC library CVE-2009-{0583, 0584} by Tim Waugh.

* Mon Feb 23 2009 Fedora Release Engineering - 1.0.3-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[ 1 ] Bug #487742 - CVE-2009-0583 ghostscript: Multiple integer overflows in the International Color Consortium Format Library

https://bugzilla.redhat.com/show_bug.cgi?id=487742

[ 2 ] Bug #487744 - CVE-2009-0584 ghostscript: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library

https://bugzilla.redhat.com/show_bug.cgi?id=487744

su -c 'yum update argyllcms' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory fedora software update critical threat integer overflow code execution risk argyllcms

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 10
Version: 1.0.3
Release: 3.fc10
URL:
Summary: ICC compatible color management system

Topics%20covered

Topics Covered

security advisory fedora software update critical threat integer overflow code execution risk argyllcms

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here