Referenced CVEs:
CVE-2008-5317
Description:
===========================================================Ubuntu Security Notice USN-693-1 December 17, 2008LittleCMS vulnerabilityCVE-2008-5317===========================================================A security issue affects the following Ubuntu releases:Ubuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 7.10: liblcms1 1.16-5ubuntu3.1Ubuntu 8.04 LTS: liblcms1 1.16-7ubuntu1.1Ubuntu 8.10: liblcms1 1.16-10ubuntu0.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that certain gamma operations in lcms were notcorrectly bounds-checked. If a user or automated system were tricked intoprocessing a malicious image, a remote attacker could crash applicationslinked against liblcms1, leading to a denial of service, or possiblyexecute arbitrary code with user privileges.
More...