VYPR

Lcms

by Littlecms

CVEs (5)

  • CVE-2007-2741May 17, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

  • CVE-2013-4276Sep 28, 2013
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.

  • CVE-2009-0793Apr 9, 2009
    risk 0.00cvss epss 0.05

    cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of…

  • CVE-2008-5317Dec 3, 2008
    risk 0.00cvss epss 0.02

    Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an…

  • CVE-2008-5316Dec 3, 2008
    risk 0.00cvss epss 0.03

    Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different…