Pardus: Lcms: Multiple Vulnerabilities
Posted by Benjamin D. Thomas   
LittleCMS, an open source color management engine, suffers from several integer overflows resulting in stack based buffer overflows, various heap errors and memory leaks.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-43            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-04-01
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

LittleCMS, an open source color management engine, suffers from several
integer overflows resulting in stack-based buffer overflows, various
heap errors and memory leaks.


Description
===========

Decoding a specially crafted image file (or the ICC profile embedded in
it) can result in unexpected process termination, Denial of Service
conditions or arbitrary code execution due to the stack-based buffer
overflows triggered by the integer overflows.

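The following is an added illustration of the defect class named above;
it is not LittleCMS code and does not reproduce any of the referenced
CVEs. It uses a hypothetical ICC-like tag table (a 4-byte big-endian
entry count followed by 12-byte entries) and a fixed-size stack table
of 16 entries, all constructed for the example. It shows how a byte
count computed in 32-bit arithmetic can wrap to zero, pass a size check
and let a copy loop overrun the stack buffer, and how to bound the
untrusted count before any multiplication instead.

```c
/* Added illustration (not LittleCMS code): integer overflow in a length
 * computation turning into a stack-based buffer overflow, and the
 * hardened check. The "tag table" layout is hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define ENTRY_SIZE   12u
#define MAX_ENTRIES  16u          /* capacity of the fixed stack table */

struct entry { uint32_t sig, offset, size; };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the needed byte count is computed in 32 bits and
 * only then compared to the buffer size. count = 0x40000000 gives
 * 0x40000000 * 12 = 0x300000000, which wraps to 0, so the check passes;
 * a loop that then copies `count` entries into a 16-entry stack array
 * runs far past its end. */
bool unsafe_size_check_passes(uint32_t count)
{
    uint32_t needed = count * ENTRY_SIZE;          /* wraps silently */
    return needed <= MAX_ENTRIES * ENTRY_SIZE;
}

/* Hardened check: bound the count itself before multiplying, and verify
 * that the declared entries are really present in the input. */
bool safe_size_check_passes(uint32_t count, size_t input_len)
{
    if (count > MAX_ENTRIES) return false;
    if (input_len < 4) return false;
    /* count <= 16 here, so count * ENTRY_SIZE cannot overflow */
    return (size_t)count * ENTRY_SIZE <= input_len - 4;
}

/* Parse the table into a caller-supplied array of MAX_ENTRIES entries.
 * Returns the entry count, or -1 if the header is rejected. */
int parse_tag_table(const uint8_t *buf, size_t len, struct entry *out)
{
    if (len < 4) return -1;
    uint32_t count = be32(buf);
    if (!safe_size_check_passes(count, len)) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 4 + (size_t)i * ENTRY_SIZE;
        out[i].sig    = be32(e);
        out[i].offset = be32(e + 4);
        out[i].size   = be32(e + 8);
    }
    return (int)count;
}

/* Constructed benign input: two entries. */
static const uint8_t benign[4 + 2 * 12] = {
    0, 0, 0, 2,
    'd', 'e', 's', 'c',  0, 0, 0, 0x80,  0, 0, 0, 0x20,
    'w', 't', 'p', 't',  0, 0, 0, 0xa0,  0, 0, 0, 0x14 };

/* Constructed hostile input: count 0x40000000 with no entries behind it. */
static const uint8_t hostile[4] = { 0x40, 0, 0, 0 };

int main(void)
{
    struct entry table[MAX_ENTRIES];
    uint32_t evil = be32(hostile);
    printf("unsafe check on 0x%08x: %s\n", evil,
           unsafe_size_check_passes(evil) ? "PASSES (overflow)" : "rejects");
    printf("safe check on 0x%08x:   %s\n", evil,
           safe_size_check_passes(evil, sizeof hostile) ? "passes" : "rejects");
    printf("benign parse: %d entries\n",
           parse_tag_table(benign, sizeof benign, table));
    printf("hostile parse: %d\n",
           parse_tag_table(hostile, sizeof hostile, table));
    return 0;
}
```

The same wrap-around shows up wherever a count or length from the file
is multiplied by an element size before being checked; comparing the
count against a constant maximum first, and checking the product
against the actual input length, closes both the stack overrun and the
out-of-bounds read of the input.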

Affected packages:

  Pardus 2008:
    lcms, all before 1.17-5-3


Resolution
==========

There are update(s) for lcms. You can update them via Package Manager or
with a single command from the console:

    pisi up lcms

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9452
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733