CVE-2008-5317 : Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

Published 2008-12-03 17:30:01

Updated 2018-10-03 21:56:28

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-5317

Probability of exploitation activity in the next 30 days: 1.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5317

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5317

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-5317

Products affected by CVE-2008-5317

Littlecms » Lcms
Versions up to, including, (<=) 1.16
cpe:2.3:a:littlecms:lcms:*:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.07
cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.13
cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.11
cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.12
cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.08
cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.09
cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.10
cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.14
cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*
Matching versions
Littlecms » Lcms » Version: 1.15
cpe:2.3:a:littlecms:lcms:1.15:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine
Versions up to, including, (<=) 1.16
cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.09
cpe:2.3:a:littlecms:little_cms_color_engine:1.09:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.08
cpe:2.3:a:littlecms:little_cms_color_engine:1.08:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.14
cpe:2.3:a:littlecms:little_cms_color_engine:1.14:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.13
cpe:2.3:a:littlecms:little_cms_color_engine:1.13:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.12
cpe:2.3:a:littlecms:little_cms_color_engine:1.12:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.11
cpe:2.3:a:littlecms:little_cms_color_engine:1.11:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.10
cpe:2.3:a:littlecms:little_cms_color_engine:1.10:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.07
cpe:2.3:a:littlecms:little_cms_color_engine:1.07:*:*:*:*:*:*:*
Matching versions
Littlecms » Little Cms Color Engine » Version: 1.15
cpe:2.3:a:littlecms:little_cms_color_engine:1.15:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-5317

Exploit prediction scoring system (EPSS) score for CVE-2008-5317

CVSS scores for CVE-2008-5317

CWE ids for CVE-2008-5317

References for CVE-2008-5317

Products affected by CVE-2008-5317