Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain number of entries value, which is interpreted improperly, leading to an allocation of insufficient memory.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Lcms | Littlecms | * | 1.16 (including) |
| Lcms | Littlecms | 1.07 (including) | 1.07 (including) |
| Lcms | Littlecms | 1.08 (including) | 1.08 (including) |
| Lcms | Littlecms | 1.09 (including) | 1.09 (including) |
| Lcms | Littlecms | 1.10 (including) | 1.10 (including) |
| Lcms | Littlecms | 1.11 (including) | 1.11 (including) |
| Lcms | Littlecms | 1.12 (including) | 1.12 (including) |
| Lcms | Littlecms | 1.13 (including) | 1.13 (including) |
| Lcms | Littlecms | 1.14 (including) | 1.14 (including) |
| Lcms | Littlecms | 1.15 (including) | 1.15 (including) |
| Little_cms_color_engine | Littlecms | * | 1.16 (including) |
| Little_cms_color_engine | Littlecms | 1.07 (including) | 1.07 (including) |
| Little_cms_color_engine | Littlecms | 1.08 (including) | 1.08 (including) |
| Little_cms_color_engine | Littlecms | 1.09 (including) | 1.09 (including) |
| Little_cms_color_engine | Littlecms | 1.10 (including) | 1.10 (including) |
| Little_cms_color_engine | Littlecms | 1.11 (including) | 1.11 (including) |
| Little_cms_color_engine | Littlecms | 1.12 (including) | 1.12 (including) |
| Little_cms_color_engine | Littlecms | 1.13 (including) | 1.13 (including) |
| Little_cms_color_engine | Littlecms | 1.14 (including) | 1.14 (including) |
| Little_cms_color_engine | Littlecms | 1.15 (including) | 1.15 (including) |
| Red Hat Enterprise Linux 5 | RedHat | lcms-0:1.15-1.2.2.el5_2.2 | * |
| Lcms | Ubuntu | dapper | * |
| Lcms | Ubuntu | gutsy | * |
| Lcms | Ubuntu | hardy | * |
| Lcms | Ubuntu | intrepid | * |
| Lcms | Ubuntu | upstream | * |