Created attachment 782447
Patch to correct the buffer overflows
Description of problem:
I have found three (lame) buffer overflows in lcms-1.19. The problem lies in the use of dangerous functions like scanf and sprintf to handle user input.
I have contacted the Little CMS developer and his answer was that "people concerned about security should update to Little CMS v2". To be honest, I think it's a reasonable answer since he stopped supporting lcms-1 in 2009. However, this appears to be a package that is still widely in use in several distributions, and included in other software as a library.
I am attaching patches here to address the issue. These have been compile tested but I did not do any test beyond that. Please note that I am sending this via a mobile device and the patches might be mangled (hopefully not).
If you have any questions please contact me back. If you do issue an advisory, please credit Pedro Ribeiro (pedrib).
Version-Release number of selected component (if applicable):
Created attachment 782955
The proper patch that fixes the issue
Please note that I have committed a stupid and lame mistake and actually introduced a format string vulnerability with the previous patch. This is the correct patch and should fix the issue, but please review it anyway.
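Added example, not part of the original report and not taken from lcms or the attached patches: a bounded replacement for the sprintf and scanf patterns described above, including the format string mistake that a rushed fix can introduce. The function names, the ".icc" suffix and the 31-character limit are hypothetical, and sscanf stands in for scanf so the sample input can be embedded.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not lcms code. */

/* Bounded form of sprintf(dst, "%s.icc", name).
 * Returns 0 on success, -1 if the result does not fit in dst. */
int build_name(char *dst, size_t dstlen, const char *name)
{
    /* The format is a literal and untrusted text is only an argument.
     * snprintf(dst, dstlen, name) would cure the overflow but let
     * conversions inside name be interpreted: a format string bug. */
    int n = snprintf(dst, dstlen, "%s.icc", name);
    if (n < 0 || (size_t)n >= dstlen) {   /* error or truncation */
        if (dstlen) dst[0] = '\0';
        return -1;
    }
    return 0;
}

#define TOKEN_MAX 31

/* Bounded form of sscanf(line, "%s", dst).
 * Returns 0 on success, -1 if there is no token or it is too long. */
int read_token(const char *line, char dst[TOKEN_MAX + 1])
{
    int used = 0;
    /* %31s stores at most 31 bytes plus the NUL; %n reports how many
     * input bytes were consumed so truncation can be detected. */
    if (sscanf(line, "%31s%n", dst, &used) != 1)
        return -1;
    char next = line[used];
    if (next != '\0' && next != ' ' && next != '\t' && next != '\n') {
        dst[0] = '\0';                    /* token was cut by the width */
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[16], tok[TOKEN_MAX + 1];
    /* Constructed inputs. */
    printf("%d\n", build_name(out, sizeof out, "srgb"));
    printf("%d\n", build_name(out, sizeof out, "a_very_long_profile_name"));
    printf("%d\n", read_token("  hello world", tok));
    return 0;
}
```

Rejecting truncated input, rather than silently keeping the first part, avoids acting on a name the caller never supplied.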
Created attachment 783274
Yet another version of the patch
Yet another version of the patch, as per the comments in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682#40.
Thanks for this, Pedro. I'm going to turn this into an SRT bug.
Bah, this already had a bug.
*** This bug has been marked as a duplicate of bug 992975 ***