Bug 1108813 - (CVE-2018-16435) VUL-0: CVE-2018-16435: lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/213708/
CVSSv3:SUSE:CVE-2018-16435:5.5:(AV:L/...
Reported: 2018-09-18 13:06 UTC by Karol Babioch
Modified: 2020-09-16 11:02 UTC
Found By: Security Response Team
Description Karol Babioch 2018-09-18 13:06:00 UTC
rh#1628969

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in
the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer
overflow in the SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1628969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16435
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16435.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html
https://www.debian.org/security/2018/dsa-4284
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
https://github.com/mm2/Little-CMS/issues/171
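
The bug class named in the description (a count taken from the file overflows the allocation size, so later table writes land outside the heap block) is shown below as an added example; it is a simplified model, not lcms2 code and not the upstream fix. The names cells_unchecked, cells_checked, table_alloc, table_set and the MAX_CELLS cap are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

#define MAX_CELLS (1u << 24)  /* assumed policy cap, not an lcms2 constant */
typedef struct { uint32_t n_samples, n_patches; const char **data; } table_t;

/* Unchecked model: the 32-bit product wraps for large file-supplied counts. */
static uint32_t cells_unchecked(uint32_t n_samples, uint32_t n_patches)
{
    return (n_samples + 1u) * (n_patches + 1u);
}

/* Checked form: widen first, then reject anything above the cap. */
static int cells_checked(uint32_t n_samples, uint32_t n_patches, size_t *out)
{
    uint64_t cols = (uint64_t)n_samples + 1, rows = (uint64_t)n_patches + 1;
    if (cols > MAX_CELLS / rows)   /* rows >= 1, so no division by zero */
        return -1;
    *out = (size_t)(rows * cols);
    return 0;
}

static int table_alloc(table_t *t, uint32_t n_samples, uint32_t n_patches)
{
    size_t cells;
    if (cells_checked(n_samples, n_patches, &cells) != 0 ||
        (t->data = calloc(cells, sizeof *t->data)) == NULL)
        return -1;
    t->n_samples = n_samples; t->n_patches = n_patches;
    return 0;
}

/* Writes stay inside the allocation because both indices are range-checked. */
static int table_set(table_t *t, uint32_t patch, uint32_t sample, const char *v)
{
    if (patch > t->n_patches || sample > t->n_samples)
        return -1;
    t->data[(size_t)patch * (t->n_samples + 1u) + sample] = v;
    return 0;
}

int main(void)
{
    table_t t;
    if (cells_unchecked(0xFFFFu, 0xFFFFu) != 0) return 1;   /* wraps to 0 */
    if (table_alloc(&t, 0xFFFFu, 0xFFFFu) != -1) return 1;  /* refused */
    if (table_alloc(&t, 3, 4) != 0 || table_set(&t, 5, 0, "x") != -1) return 1;
    free(t.data);
    return 0;
}
```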
Comment 1 Karol Babioch 2018-09-18 13:11:26 UTC
All codestreams are affected by this:

SUSE:SLE-11-SP3:Update
SUSE:SLE-12-SP2:Update
SUSE:SLE-15:Update
Comment 2 Stanislav Brabec 2018-10-03 16:20:26 UTC
Submitted:
SUSE:SLE-15:Update: https://build.suse.de/request/show/173682
SUSE:SLE-12-SP2:Update: https://build.suse.de/request/show/173683
SUSE:SLE-12:Update: https://build.suse.de/request/show/173684
SUSE:SLE-11-SP3:Update: https://build.suse.de/request/show/173685
multimedia:libs: https://build.opensuse.org/request/show/639800
Comment 3 Swamp Workflow Management 2018-10-26 19:10:57 UTC
SUSE-SU-2018:3498-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1108813
CVE References: CVE-2018-16435
Sources used:
SUSE Linux Enterprise Module for Basesystem 15 (src):    lcms2-2.9-3.3.1
Comment 4 Swamp Workflow Management 2018-10-27 10:08:55 UTC
openSUSE-SU-2018:3529-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1108813
CVE References: CVE-2018-16435
Sources used:
openSUSE Leap 15.0 (src):    lcms2-2.9-lp150.2.3.1
Comment 5 Swamp Workflow Management 2018-10-29 14:09:53 UTC
SUSE-SU-2018:3545-1: An update that solves two vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1021364,1026649,1026650,1108813
CVE References: CVE-2016-10165,CVE-2018-16435
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    lcms2-2.7-9.7.1
SUSE Linux Enterprise Server 12-SP3 (src):    lcms2-2.7-9.7.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    lcms2-2.7-9.7.1
Comment 6 Stanislav Brabec 2019-08-28 00:55:31 UTC
It seems to have been fixed for a long time.