rpm package
suse/lcms2&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/lcms2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16435 | — | | | < 2.7-9.7.1 | 2.7-9.7.1 | Sep 4, 2018 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. |
| CVE-2016-10165 | High | 7.1 | | < 2.7-9.7.1 | 2.7-9.7.1 | Feb 3, 2017 | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. |