Advisories » MGASA-2013-0240

Updated lcms2 packages fixes security vulnerability

Publication date: 09 Aug 2013
Modification date: 09 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4160

Description

It was discovered that Little CMS did not properly verify certain memory
allocations. If a user or automated system using Little CMS were tricked
into opening a specially crafted file, an attacker could cause Little CMS
to crash (CVE-2013-4160).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10816
• http://www.ubuntu.com/usn/usn-1911-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4160

SRPMS

3/core

• lcms2-2.5-1.mga3

2/core

• lcms2-2.5-1.mga2