Littlecms

Little Cms

6 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.37%
  • Veröffentlicht 18.04.2026 06:43:13
  • Zuletzt bearbeitet 07.05.2026 18:16:19

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

  • EPSS 1.07%
  • Veröffentlicht 30.05.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:36

tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program u...

  • EPSS 1.07%
  • Veröffentlicht 30.05.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:36

tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sam...

Exploit
  • EPSS 2.5%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:05:21

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Exploit
  • EPSS 5.03%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:05:38

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer over...

Exploit
  • EPSS 5.53%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:05:39

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image ...