MidnightBSD

Advisories for littlecms

CVE-2009-0581 MEDIUM

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
mozilla firefox 3.1
littlecms little_cms *
gimp gimp *
sun openjdk *
CVE-2009-0723 HIGH

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
mozilla firefox 3.1
littlecms little_cms *
gimp gimp *
sun openjdk *
CVE-2009-0733 HIGH

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mozilla firefox 3.1
littlecms little_cms *
gimp gimp *
sun openjdk *
CVE-2009-0793 MEDIUM

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sun openjdk 6
littlecms lcms 1.18
CVE-2013-4160 MEDIUM

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
littlecms little_cms_color_engine 1.15
littlecms little_cms_color_engine 1.07
littlecms little_cms_color_engine 1.10
littlecms little_cms_color_engine 1.11
littlecms little_cms_color_engine 1.12
littlecms little_cms_color_engine 2.1
littlecms little_cms_color_engine 2.2
littlecms little_cms_color_engine 1.09
littlecms little_cms_color_engine 1.16
littlecms little_cms_color_engine 1.14
littlecms little_cms_color_engine 1.17
littlecms little_cms_color_engine 2.0
littlecms little_cms_color_engine 1.18
littlecms little_cms_color_engine *
littlecms little_cms_color_engine 1.08
littlecms little_cms_color_engine 1.19
littlecms little_cms_color_engine 1.13
littlecms little_cms_color_engine 2.3
CVE-2013-4276 MEDIUM

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
littlecms little_cms_color_engine 1.15
littlecms little_cms_color_engine 1.07
littlecms little_cms_color_engine 1.10
littlecms little_cms_color_engine 1.11
littlecms little_cms_color_engine 1.12
littlecms little_cms_color_engine 1.09
littlecms little_cms_color_engine 1.16
littlecms little_cms_color_engine 1.14
littlecms little_cms_color_engine 1.17
littlecms little_cms_color_engine 1.18
littlecms little_cms_color_engine *
littlecms little_cms_color_engine 1.08
littlecms little_cms_color_engine 1.13
CVE-2013-7455 HIGH

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
littlecms little_cms_color_engine 2.5
littlecms little_cms_color_engine 2.1
littlecms little_cms_color_engine 2.0
littlecms little_cms_color_engine 2.2
littlecms little_cms_color_engine 2.3
littlecms little_cms_color_engine 2.4
CVE-2016-10165 MEDIUM

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
netapp e-series_santricity_os_controller 11.40.3r2
netapp e-series_santricity_os_controller 11.70.1
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
netapp e-series_santricity_os_controller 11.50.1
redhat satellite 5.8
netapp e-series_santricity_os_controller 11.0
netapp active_iq_unified_manager *
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server_tus 7.6
netapp e-series_santricity_os_controller 11.0.0
netapp e-series_santricity_os_controller 11.60
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.3
netapp oncommand_unified_manager 7.1
netapp e-series_santricity_management -
netapp e-series_santricity_os_controller 11.25
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_workstation 7.0
netapp e-series_santricity_os_controller 11.60.1
netapp oncommand_unified_manager -
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_workstation 5.0
netapp e-series_santricity_os_controller 11.60.3
redhat enterprise_linux_desktop 6.0
netapp e-series_santricity_os_controller 11.50.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
netapp oncommand_balance -
netapp oncommand_performance_manager -
redhat enterprise_linux_server_aus 7.7
netapp e-series_santricity_os_controller 11.40
netapp e-series_santricity_os_controller 11.40.5
canonical ubuntu_linux 16.04
netapp e-series_santricity_os_controller 11.20
redhat enterprise_linux_server_eus 7.6
opensuse leap 42.1
netapp e-series_santricity_os_controller 11.60.0
netapp e-series_santricity_os_controller 11.70.2
littlecms little_cms_color_engine *
netapp oncommand_insight -
netapp e-series_santricity_os_controller 11.30.5r3
canonical ubuntu_linux 18.04
netapp e-series_santricity_os_controller 11.30
debian debian_linux 8.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
netapp oncommand_shift -
canonical ubuntu_linux 14.04
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 12.04
CVE-2018-11555 MEDIUM

tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
littlecms little_cms 2.9
CVE-2018-11556 MEDIUM

tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
littlecms little_cms 2.9
CVE-2018-16435 MEDIUM

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 18.04
littlecms little_cms_color_engine 2.9
redhat enterprise_linux_desktop 6.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 12.04