Bug 473462 - (CVE-2008-5316) CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
source=internet,reported=20081014,pub...
: Security
Depends On: 473469 473470 479384 833921
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-28 11:24 EST by Tomas Hoger
Modified: 2016-03-04 07:49 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-29 04:39:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch used in SuSE security updates (5.40 KB, patch)
2008-11-28 11:26 EST, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Tomas Hoger 2008-11-28 11:24:18 EST
The ReadEmbeddedTextTag in src/cmsio1.c did not properly check amount
of data read from the input file to the buffer provided as one of its
arguments.  Value read from the file was used as an upper bound without
any validation.

This issue was fixed upstream in 1.16.

Upstream CVS commit:
http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34
(some of the previous changes may be needed for 1.15)

References:
http://www.openwall.com/lists/oss-security/2008/11/28/3
Comment 1 Tomas Hoger 2008-11-28 11:26:03 EST
Created attachment 325024 [details]
Patch used in SuSE security updates

This was extracted from SuSE liblcms-1.15-32.src.rpm.  Original name of the patch was lcms-CVE-2007-2741.patch, but CVE-2007-2741 is a different issue that got fixed upstream in 1.15.
Comment 2 Tomas Hoger 2008-11-28 11:27:06 EST
Affected lcms versions are currently in Red Hat Enterprise Linux 5 and EPEL 4 (both based on upstream 1.15).
Comment 4 Tomas Hoger 2008-12-03 12:16:27 EST
CVE id CVE-2008-5316 was assigned to this issue:

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in
Little cms color engine (aka lcms) before 1.16 allows attackers to
have an unknown impact via vectors related to a length parameter
inconsistency involving the contents of "the input file," a different
vulnerability than CVE-2007-2741.

Note You need to log in before you can comment on or make changes to this bug.