High severity 7.5 · NVD Advisory · Published Apr 1, 2025 · Updated Apr 15, 2026
CVE-2025-29070
Description
A heap buffer overflow vulnerability has been identified in the smooth2() function in cmsgamma.c in lcms2-2.16, which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there only as a helper for low-level programming and investigation."
Affected products
osv-coords, 7 versions (no CPE; range: >= 0 for each):
- pkg:deb/ubuntu/lcms2@2.12~rc1-2build2?arch=source&distro=jammy
- pkg:deb/ubuntu/lcms2@2.14-2build1?arch=source&distro=noble
- pkg:deb/ubuntu/lcms2@2.14-2build1?arch=source&distro=oracular
- pkg:deb/ubuntu/lcms2@2.5-0ubuntu4.2?arch=source&distro=esm-infra-legacy/trusty
- pkg:deb/ubuntu/lcms2@2.6-3ubuntu2.1?arch=source&distro=esm-infra/xenial
- pkg:deb/ubuntu/lcms2@2.9-1ubuntu0.1?arch=source&distro=esm-infra/bionic
- pkg:deb/ubuntu/lcms2@2.9-4?arch=source&distro=focal
References: 2
News mentions: 0 (no linked articles in our index yet)