Search CVE reports
1 – 6 of 6 results
CVE-2018-16435
Medium priority
Some fixes available 9 of 10
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument...
4 affected packages
chromium-browser, lcms, lcms2, oxide-qt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
chromium-browser | — | — | — | Fixed | Fixed |
lcms | — | — | — | Not in release | Not in release |
lcms2 | — | — | — | Fixed | Fixed |
oxide-qt | — | — | — | Not in release | Ignored |
CVE-2016-10165
Low priority
Some fixes available 5 of 9
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
3 affected packages
lcms2, openjdk-7, openjdk-8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lcms2 | — | — | — | Fixed | Fixed |
openjdk-7 | — | — | — | Not in release | Not in release |
openjdk-8 | — | — | — | Not affected | Not affected |
CVE-2013-7455
Medium priority
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default...
2 affected packages
ghostscript, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | Not affected |
lcms2 | — | — | — | — | Not affected |
CVE-2014-0459
Low priority
Some fixes available 11 of 17
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
3 affected packages
lcms2, openjdk-6, openjdk-7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lcms2 | Not affected | Not affected | Not affected | Not affected | Not affected |
openjdk-6 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-7 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2013-4276
Low priority
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...
3 affected packages
ghostscript, lcms, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | Not affected | Not affected |
lcms | — | — | — | Not in release | Not in release |
lcms2 | — | — | — | Not affected | Not affected |
CVE-2013-4160
Medium priority
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...
3 affected packages
ghostscript, lcms, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
lcms | — | — | — | — | — |
lcms2 | — | — | — | — | — |