Unrated severityNVD Advisory· Published Dec 3, 2008· Updated Apr 23, 2026

CVE-2008-5317

Description

Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.

Affected products

Littlecms/Lcms10 versions
cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:littlecms:lcms:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:*:*:*:*:*:*:*:*range: <=1.16
- cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*
Littlecms/Little Cms Color Engine10 versions
cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*range: <=1.16
- cpe:2.3:a:littlecms:little_cms_color_engine:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:1.15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000