High severity 7.3 · NVD Advisory · Published Apr 1, 2025 · Updated Apr 15, 2026
CVE-2025-29069
Description
A heap buffer overflow vulnerability has been identified in lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding identified a bug in a third-party calling program, not in lcms.
Affected products
osv-coords, 7 versions (each listed with no CPE, range: >= 0):
- pkg:deb/ubuntu/lcms2@2.12~rc1-2build2?arch=source&distro=jammy
- pkg:deb/ubuntu/lcms2@2.14-2build1?arch=source&distro=noble
- pkg:deb/ubuntu/lcms2@2.14-2build1?arch=source&distro=oracular
- pkg:deb/ubuntu/lcms2@2.5-0ubuntu4.2?arch=source&distro=esm-infra-legacy/trusty
- pkg:deb/ubuntu/lcms2@2.6-3ubuntu2.1?arch=source&distro=esm-infra/xenial
- pkg:deb/ubuntu/lcms2@2.9-1ubuntu0.1?arch=source&distro=esm-infra/bionic
- pkg:deb/ubuntu/lcms2@2.9-4?arch=source&distro=focal
References: 3
News mentions: 0 (no linked articles in our index yet)