argyllcms: code execution

Posted May 17, 2012 20:16 UTC (Thu) by jimparis (subscriber, #38647)
In reply to: argyllcms: code execution by jimparis
Parent article: argyllcms: code execution

(replying to myself)
It also seems overly defensive to say that this is only a bug in iccdump and not a bug in icclib. As far as I can tell iccdump.c did not change at all between 1.3.7 and 1.4.0, but rather the fix was located in icc/icc.c, which means the bug *was* compiled into icclib. Maybe what you meant is that iccdump is the only program you're *aware* of that used the vulnerable function, but that doesn't mean someone else wasn't also calling it.


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds