VYPR
Vendor: Littlecms

Products: 3
CVEs: 13
Across products: 17
Status: Private

Recent CVEs (13)
  • CVE-2013-7455 | Critical | May 7, 2016
    risk 0.57 | cvss 9.8 | epss 0.06

    Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

  • CVE-2016-10165 | High | Feb 3, 2017
    risk 0.39 | cvss 7.1 | epss 0.03

    The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

  • CVE-2026-41254 | Medium | Apr 18, 2026
    risk 0.19 | cvss 4.0 | epss 0.00

    Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

  • CVE-2008-5628 | Dec 17, 2008
    risk 0.03 | cvss n/a | epss 0.01

    SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.

  • CVE-2007-2741 | May 17, 2007
    risk 0.01 | cvss n/a | epss 0.08

    Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

  • CVE-2013-4160 | Jan 21, 2014
    risk 0.00 | cvss n/a | epss 0.03

    Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3)…

  • CVE-2013-4276 | Sep 28, 2013
    risk 0.00 | cvss n/a | epss 0.04

    Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.

  • CVE-2009-0793 | Apr 9, 2009
    risk 0.00 | cvss n/a | epss 0.05

    cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of…

  • CVE-2009-0733 | Mar 23, 2009
    risk 0.00 | cvss n/a | epss 0.06

    Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large…

  • CVE-2009-0723 | Mar 23, 2009
    risk 0.00 | cvss n/a | epss 0.05

    Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these…

  • CVE-2009-0581 | Mar 23, 2009
    risk 0.00 | cvss n/a | epss 0.03

    Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

  • CVE-2008-5317 | Dec 3, 2008
    risk 0.00 | cvss n/a | epss 0.02

    Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an…

  • CVE-2008-5316 | Dec 3, 2008
    risk 0.00 | cvss n/a | epss 0.03

    Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different…