AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0

lcms2: CVE-2018-16435 #1364

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

CVE IDs (if any)

CVE-2018-16435

Other security advisory IDs (if any)

DSA-4284-1

Patches (if any)

https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8

PoC(s) (if any)

#include <stdio.h>
#include <lcms2.h>
#include "lcms2_internal.h"

int main(int argc, char* argv[]){
    cmsIT8LoadFromFile(NULL, "AllocateDataSet.crash.IT8");
    return 0;
}

Additional descriptions (if applicable)

Quang Nguyen discovered an integer overflow in the Little CMS 2 colour management library, which could result in denial of service and potentially the execution of arbitrary code if a malformed IT8 calibration file is processed.

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.
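
The bug class behind this advisory, as an added example (not lcms2's code and not part of the issue): an allocation size computed from two dimensions read from an untrusted file wraps in 32-bit arithmetic unless the dimensions are bounded first. The function names, the `MAX_DIM` cap and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on either table dimension (assumption for this example). */
#define MAX_DIM 0x7ffe

/* Unchecked sizing: the product is computed in 32 bits and can wrap,
 * so a huge declared table can yield a tiny (or zero) allocation size
 * while later code still indexes the full declared table. */
static uint32_t table_bytes_unchecked(int n_fields, int n_sets)
{
    return ((uint32_t)n_fields + 1u) * ((uint32_t)n_sets + 1u)
           * (uint32_t)sizeof(char *);
}

/* Checked sizing: reject negative or oversized dimensions first, then
 * multiply in 64 bits. With both dimensions <= MAX_DIM the product
 * cannot wrap. Returns 0 and stores the size in *out, or -1 on reject. */
static int table_bytes_checked(int n_fields, int n_sets, uint64_t *out)
{
    if (n_fields < 0 || n_fields > MAX_DIM ||
        n_sets   < 0 || n_sets   > MAX_DIM)
        return -1;
    *out = ((uint64_t)n_fields + 1) * ((uint64_t)n_sets + 1) * sizeof(char *);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one sane table, one whose size wraps to 0. */
    const int cases[][2] = { { 3, 2 }, { 65535, 65535 } };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t bytes = 0;
        int rc = table_bytes_checked(cases[i][0], cases[i][1], &bytes);
        printf("fields=%d sets=%d unchecked=%u checked=%s",
               cases[i][0], cases[i][1],
               (unsigned)table_bytes_unchecked(cases[i][0], cases[i][1]),
               rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" (%llu bytes)", (unsigned long long)bytes);
        putchar('\n');
    }
    return 0;
}
```
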

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/a113ff28b12eaa425053cac545eb339ef660a933. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0399.