Red Hat Bugzilla – Bug 473462
CVE-2008-5316 lcms: insufficient input validation in ReadEmbeddedTextTag
Last modified: 2016-03-04 07:49:29 EST
The ReadEmbeddedTextTag in src/cmsio1.c did not properly check amount
of data read from the input file to the buffer provided as one of its
arguments. Value read from the file was used as an upper bound without
This issue was fixed upstream in 1.16.
Upstream CVS commit:
(some of the previous changes may be needed for 1.15)
Created attachment 325024 [details]
Patch used in SuSE security updates
This was extracted from SuSE liblcms-1.15-32.src.rpm. Original name of the patch was lcms-CVE-2007-2741.patch, but CVE-2007-2741 is a different issue that got fixed upstream in 1.15.
Affected lcms versions are currently in Red Hat Enterprise Linux 5 and EPEL 4 (both based on upstream 1.15).
CVE id CVE-2008-5316 was assigned to this issue:
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in
Little cms color engine (aka lcms) before 1.16 allows attackers to
have an unknown impact via vectors related to a length parameter
inconsistency involving the contents of "the input file," a different
vulnerability than CVE-2007-2741.