Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1745-1 (lcms)
The remote host is missing an update to lcms
announced via advisory DSA 1745-1.

Several security issues have been discovered in lcms, a color management
library. The Common Vulnerabilities and Exposures project identifies
the following problems:


Chris Evans discovered that lcms is affected by a memory leak, which
could result in a denial of service via specially crafted image files.


Chris Evans discovered that lcms is prone to several integer overflows
via specially crafted image files, which could lead to the execution of
arbitrary code.


Chris Evans discovered the lack of upper-gounds check on sizes leading
to a buffer overflow, which could be used to execute arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 1.17.dfsg-1+lenny1.

For the oldstable distribution (etch), these problems have been fixed
in version 1.15-1.1+etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your lcms packages.


CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0581
BugTraq ID: 34185
Bugtraq: 20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) (Google Search)
Bugtraq: 20090320 [oCERT-2009-003] LittleCMS integer errors (Google Search)
Debian Security Information: DSA-1745 (Google Search)
Debian Security Information: DSA-1769 (Google Search)
RedHat Security Advisories: RHSA-2009:0377
SuSE Security Announcement: SUSE-SR:2009:007 (Google Search)
XForce ISS Database: littlecms-unspecified-dos(49328)
Common Vulnerability Exposure (CVE) ID: CVE-2009-0723
XForce ISS Database: littlecms-unspecified-bo(49326)
Common Vulnerability Exposure (CVE) ID: CVE-2009-0733
XForce ISS Database: littlecms-readsetofcurves-bo(49330)
CopyrightCopyright (c) 2009 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.