Moritz Muehlenhoff
2009-May-27 20:10 UTC
[Secure-testing-team] Bug#530785: CVE-2009-0793: DoS
Package: lcms
Severity: important
Tags: security
Hi,
a minor denial of service security issue has been found in
lcms:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793:
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK
and other products, allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
image that triggers execution of incorrect code for "transformations
of monochrome profiles."
Patch available at:
https://bugzilla.redhat.com/attachment.cgi?id=337279
This issue doesn''t warrant a DSA by itself. If you want to see it
fixed, you could prepare an update for a stable point update. In
that case, please send a proposed debdiff to
debian-release at lists.debian.org
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, ''unstable'')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash