) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:littlecms:little_cms_color_engine:1.16:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-10165 |
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. Published: February 03, 2017; 2:59:00 PM -0500 |
V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
| CVE-2013-4160 |
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed. Published: January 21, 2014; 1:55:09 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2013-4276 |
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. Published: September 28, 2013; 3:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2008-5317 |
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. Published: December 03, 2008; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |