Upstream information

CVE-2013-4276 at MITRE

Description

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entry: 843716 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
Patchnames:
sledsp2-lcms
SUSE Linux Enterprise Desktop 11 SP3
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
Patchnames:
sledsp3-lcms
SUSE Linux Enterprise Server 11 SP2
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Patchnames:
slessp2-lcms
SUSE Linux Enterprise Server 11 SP3
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Patchnames:
slessp3-lcms
SUSE Linux Enterprise Server for VMWare 11 SP2
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Patchnames:
slessp2-lcms
SUSE Linux Enterprise Server for VMWare 11 SP3
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Patchnames:
slessp3-lcms
SUSE Linux Enterprise Software Development Kit 11 SP2
  • liblcms-devel >= 1.17-77.16.1
  • liblcms-devel-32bit >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Patchnames:
sdksp2-lcms
SUSE Linux Enterprise Software Development Kit 11 SP3
  • liblcms-devel >= 1.17-77.16.1
  • liblcms-devel-32bit >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Patchnames:
sdksp3-lcms
SUSE Linux Enterprise Software Development Kit 11 SP2
  • liblcms-devel >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Builds
SAT Patch Nr: 8424
SUSE Linux Enterprise Software Development Kit 11 SP2
  • liblcms-devel >= 1.17-77.16.1
  • liblcms-devel-32bit >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Builds
SAT Patch Nr: 8424
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
Builds
SAT Patch Nr: 8424
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
Builds
SAT Patch Nr: 8424
SUSE Linux Enterprise Server 11 SP2
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Builds
SAT Patch Nr: 8424
SUSE Linux Enterprise Software Development Kit 11 SP3
  • liblcms-devel >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Builds
SAT Patch Nr: 8425
SUSE Linux Enterprise Software Development Kit 11 SP3
  • liblcms-devel >= 1.17-77.16.1
  • liblcms-devel-32bit >= 1.17-77.16.1
  • python-lcms >= 1.17-77.16.1
Builds
SAT Patch Nr: 8425
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
Builds
SAT Patch Nr: 8425
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-32bit >= 1.17-77.16.1
Builds
SAT Patch Nr: 8425
SUSE Linux Enterprise Server 11 SP3
  • lcms >= 1.17-77.16.1
  • liblcms1 >= 1.17-77.16.1
  • liblcms1-x86 >= 1.17-77.16.1
Builds
SAT Patch Nr: 8425
openSUSE 12.3
  • lcms >= 1.19-11.4.1
  • lcms-debuginfo >= 1.19-11.4.1
  • lcms-debugsource >= 1.19-11.4.1
  • liblcms-devel >= 1.19-11.4.1
  • liblcms-devel-32bit >= 1.19-11.4.1
  • liblcms1 >= 1.19-11.4.1
  • liblcms1-32bit >= 1.19-11.4.1
  • liblcms1-debuginfo >= 1.19-11.4.1
  • liblcms1-debuginfo-32bit >= 1.19-11.4.1
  • python-lcms >= 1.19-11.4.1
  • python-lcms-debuginfo >= 1.19-11.4.1
Patchnames:
openSUSE-2013-757
openSUSE Evergreen 11.4
  • lcms >= 1.19-5.1
  • lcms-debuginfo >= 1.19-5.1
  • lcms-debugsource >= 1.19-5.1
  • liblcms-devel >= 1.19-5.1
  • liblcms-devel-32bit >= 1.19-5.1
  • liblcms1 >= 1.19-5.1
  • liblcms1-32bit >= 1.19-5.1
  • liblcms1-debuginfo >= 1.19-5.1
  • liblcms1-debuginfo-32bit >= 1.19-5.1
  • liblcms1-debuginfo-x86 >= 1.19-5.1
  • liblcms1-x86 >= 1.19-5.1
  • python-lcms >= 1.19-5.1
  • python-lcms-debuginfo >= 1.19-5.1
Patchnames:
2013-147