Rapid7 Vulnerability & Exploit Database

RHSA-2009:0011: lcms security update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/03/2008
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

Little Color Management System (LittleCMS, or simply "lcms") is a small-footprint, speed-optimized open source color management engine.

Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)

Users of lcms should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using lcms library must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-lcms
  • redhat-upgrade-lcms-devel
  • redhat-upgrade-python-lcms
