Known Vulnerabilities for products from Littlecms
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Littlecms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-16435 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, le... | 5.5 - MEDIUM | 2018-09-04 | 2021-05-26 |
| CVE-2018-11556 | ** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslu... | 7.8 - HIGH | 2018-05-30 | 2023-11-07 |
| CVE-2018-11555 | ** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcm... | 7.8 - HIGH | 2018-05-30 | 2023-11-07 |
| CVE-2016-10165 | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or... | 7.1 - HIGH | 2017-02-03 | 2024-01-10 |
| CVE-2013-7455 | Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows rem... | 9.8 - CRITICAL | 2016-05-07 | 2016-12-01 |
| CVE-2013-4276 | Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a d... | 4.3 - MEDIUM | 2013-09-28 | 2018-09-21 |
| CVE-2013-4160 | Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of... | 5 - MEDIUM | 2014-01-21 | 2014-01-22 |
| CVE-2009-0793 | cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a... | 4.3 - MEDIUM | 2009-04-09 | 2023-02-13 |
| CVE-2009-0733 | Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as... | 9.3 - HIGH | 2009-03-23 | 2022-02-07 |
| CVE-2009-0723 | Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP... | 9.3 - HIGH | 2009-03-23 | 2022-02-07 |
| CVE-2009-0581 | Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows contex... | 4.3 - MEDIUM | 2009-03-23 | 2023-02-13 |
| CVE-2008-5317 | Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 al... | 10 - HIGH | 2008-12-03 | 2018-10-03 |
| CVE-2008-5316 | Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows ... | 10 - HIGH | 2008-12-03 | 2017-09-29 |
| CVE-2007-2741 | Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a den... | 9.3 - HIGH | 2007-05-17 | 2017-07-29 |
Known software with vulnerabilities from Littlecms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Littlecms | Little Cms | 2.2 |
| Application | Littlecms | Little Cms Color Engine | 1.07 |