Mageia 6: MGASA-2018-0387 Moderate: Lcms2 Integer Overflow

mageia

September 21, 2018

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData fu...

Summary

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. (CVE-2018-16435)

References

- https://bugs.mageia.org/show_bug.cgi?id=23533

- https://lists.debian.org/debian-security-announce/2018/msg00214.html

- https://www.cve.org/CVERecord?id=CVE-2018-16435

Topics Covered

security advisory security issue buffer overflow integer overflow lcms2 Mageia heap exploit

Resolution

SRPMS

- 6/core/lcms2-2.8-2.1.mga6

Publication date: 21 Sep 2018

URL: https://advisories.mageia.org/MGASA-2018-0387.html

Type: security

CVE: CVE-2018-16435

Topics Covered

security advisory security issue buffer overflow integer overflow lcms2 Mageia heap exploit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks