[liblcms1] [CVE-2007-2741] DoS vulnerability and possible execution of arbitrary code

Bug #174613 reported by disabled.user
Affects         Status         Importance   Assigned to   Milestone
lcms (Ubuntu)   Fix Released   Undecided    Kees Cook
Dapper          Fix Released   Medium       Kees Cook

Bug Description

Binary package hint: liblcms1

References:
[1] MDKSA-2007:238 (http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:238)
[2] CVE-2007-2741 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2741)

Quoting [1]:
"Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file."

Quoting [2]:
"Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file."

Changed in lcms:
status: New → Confirmed
status: Confirmed → New
Jamie Strandboge (jdstrand) wrote :

Dapper only.

Kees Cook (kees) wrote :

This is building and will be published shortly for Dapper.

Changed in lcms:
assignee: nobody → kees
status: New → Fix Committed
assignee: nobody → kees
status: New → Fix Committed
status: Fix Committed → Fix Released
Kees Cook (kees) wrote :

This problem has been addressed with the following USN:

http://www.ubuntu.com/usn/usn-652-1

Please feel free to report future bugs.

Changed in lcms:
importance: Undecided → Medium
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.