Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0793 | 2 Littlecms, Sun | 2 Lcms, Openjdk | 2023-02-12 | 4.3 MEDIUM | N/A |
| cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." | |||||
| CVE-2008-5317 | 1 Littlecms | 2 Lcms, Little Cms Color Engine | 2018-10-03 | 10.0 HIGH | N/A |
| Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. | |||||
| CVE-2008-5316 | 1 Littlecms | 2 Lcms, Little Cms Color Engine | 2017-09-28 | 10.0 HIGH | N/A |
| Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. | |||||
| CVE-2007-2741 | 1 Littlecms | 1 Lcms | 2017-07-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. | |||||