Candidate: CVE-2008-5317
PublicDate: 2008-12-03 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5317
 https://ubuntu.com/security/notices/USN-652-1
 https://ubuntu.com/security/notices/USN-693-1
Description:
 Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in
 Little cms color engine (aka lcms) before 1.17 allows attackers to have an
 unknown impact via a file containing a certain "number of entries" value,
 which is interpreted improperly, leading to an allocation of insufficient
 memory.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_lcms:
upstream_lcms: released (1.17)
dapper_lcms: released (1.13-1ubuntu0.1)
gutsy_lcms: released (1.16-5ubuntu3.1)
hardy_lcms: released (1.16-7ubuntu1.1)
intrepid_lcms: released (1.16-10ubuntu0.1)
devel_lcms: not-affected