# Vulnerability Summary

## Vulnerability Overview

- **Vulnerability Name**: ParseCube Integer Overflow Vulnerability
- **Description**: A memory allocation error occurs during LUT (Look-Up Table) allocation due to an integer overflow.
- **Fix Commit**: Commit ID `6a68601`, submitted by user `mm2` on February 19, 2019.

## Impact Scope

- **Affected File**: `src/cmscags.c`
- **Specific Location**: The `cms2190` function within the file.

## Remediation

- **Fix Code**:

```c
int nodes;

/*
 * Professional LUT-generation tools (e.g., Nobe LutBake) list 65x65x65 as their highest supported
 */
/* Reject oversized LUTs before any size arithmetic is done. */
if (lut_size > 60)
    return PyErr_Format(PyExc_ValueError,
                        "LUT size '%d' is over maximum of 60", lut_size);

/* lut_size is at most 60 here, so the node count fits in an int. */
nodes = lut_size * lut_size * lut_size;

cmsFloat32Number* lut_table = (cmsFloat32Number*) _cmsMalloc(cube->ContextID, nodes * 3 * sizeof(cmsFloat32Number));
if (lut_table == NULL)
    return FALSE;
```

- **Fix Details**:
  - Added a check for `lut_size` to ensure it does not exceed 60.
  - If `lut_size` exceeds 60, a `PyExc_ValueError` exception is raised.
  - `nodes` is calculated only after `lut_size` has been validated, so the size passed to the memory allocation cannot overflow.
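The size calculation behind the fix, as an added example that is not code from the commit or the project: the helper names (`checked_mul`, `lut_table_bytes`, `wrapped_nodes32`), the lower bound of 1 and the use of plain `float` in place of `cmsFloat32Number` are assumptions made so the block compiles on its own. It goes beyond the fixed cap of 60 by also checking every multiplication, so the byte count stays correct if the limit is ever raised.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define LUT_CHANNELS 3 /* three values per node, as in the snippet above */

/* Store a*b in *out; return 0, or -1 if the product does not fit in size_t. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Hypothetical helper: bytes needed for a lut_size^3 table of floats.
 * Returns 0 when lut_size is outside [1, max_size] (lower bound is an
 * assumption) or when any intermediate product would overflow. */
size_t lut_table_bytes(int lut_size, int max_size)
{
    size_t n, total;

    if (lut_size < 1 || lut_size > max_size)
        return 0;
    n = (size_t)lut_size;
    if (checked_mul(n, n, &total) || checked_mul(total, n, &total) ||
        checked_mul(total, LUT_CHANNELS * sizeof(float), &total))
        return 0;
    return total;
}

/* lut_size^3 truncated to 32 bits, i.e. what a 32-bit node counter holds.
 * Done in unsigned arithmetic so the wraparound is well defined. */
uint32_t wrapped_nodes32(uint32_t lut_size)
{
    return (uint32_t)((uint64_t)lut_size * lut_size * lut_size);
}

int main(void)
{
    printf("size 60, max 60: %zu bytes\n", lut_table_bytes(60, 60));
    printf("size 61, max 60: %zu bytes (rejected)\n", lut_table_bytes(61, 60));
    printf("no limit, INT_MAX: %zu bytes (rejected)\n", lut_table_bytes(INT_MAX, INT_MAX));
    printf("1626^3 in 32 bits: %u nodes\n", (unsigned)wrapped_nodes32(1626));
    return 0;
}
```

In the snippet above, `nodes * 3` is still evaluated in `int` before `sizeof` widens the expression, which is why the bound on `lut_size` has to come before the multiplication rather than after it.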