Skip to main content

Little Cms Color Engine

5 CVEs product

Monthly

CVE-2018-16435 MEDIUM POC PATCH This Month

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Little Cms Color Engine Ubuntu Linux Enterprise Linux Desktop +3
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2016-10165 HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Little Cms Color Engine Ubuntu Linux +17
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2013-7455 CRITICAL Act Now

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.2% and no vendor patch available.

RCE Little Cms Color Engine
NVD GitHub
CVSS 3.0
9.8
EPSS
15.2%
CVE-2013-4160 MEDIUM This Month

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Little Cms Color Engine
NVD GitHub
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-4276 MEDIUM PATCH This Month

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service Little Cms Color Engine
NVD
CVSS 2.0
4.3
EPSS
2.3%
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Little Cms Color Engine +5
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +19
NVD GitHub
EPSS 15% CVSS 9.8
CRITICAL Act Now

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.2% and no vendor patch available.

RCE Little Cms Color Engine
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Little Cms Color Engine
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service Little Cms Color Engine
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy