RHSA-2009:0339 -- lcms security update (Moderate)

oval:org.mitre.oval:def:29236

Updated lcms packages that resolve several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Little Color Management System (LittleCMS) is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws, which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these flaws to create a specially crafted image file which could cause an application using LittleCMS to crash or possibly execute arbitrary code when opened by a victim. (CVE-2009-0723, CVE-2009-0733)

Family: unix
Status: ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
Class: patch
Reference(s):
  • RHSA-2009:0339
  • CVE-2009-0581
  • CVE-2009-0723
  • CVE-2009-0733
Product(s):
  • lcms