Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Little_cms_color_engine
(Littlecms)| Repositories | https://github.com/mm2/Little-CMS |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-02-03 | CVE-2016-10165 | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | Ubuntu_linux, Debian_linux, Little_cms_color_engine, Active_iq_unified_manager, E\-Series_santricity_management, E\-Series_santricity_os_controller, Oncommand_balance, Oncommand_insight, Oncommand_performance_manager, Oncommand_shift, Oncommand_unified_manager, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite | 7.1 | ||
| 2018-09-04 | CVE-2018-16435 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | Ubuntu_linux, Debian_linux, Little_cms_color_engine, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 | ||
| 2016-05-07 | CVE-2013-7455 | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. | Little_cms_color_engine | 9.8 | ||
| 2013-09-28 | CVE-2013-4276 | Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. | Little_cms_color_engine | N/A | ||
| 2014-01-21 | CVE-2013-4160 | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed. | Little_cms_color_engine | N/A | ||
| 2008-12-03 | CVE-2008-5317 | Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. | Lcms, Little_cms_color_engine | N/A | ||
| 2008-12-03 | CVE-2008-5316 | Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. | Lcms, Little_cms_color_engine | N/A |