Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
Max CVSS
10.0
EPSS Score
1.18%
Published
2008-12-03
Updated
2018-10-03
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
Max CVSS
10.0
EPSS Score
1.09%
Published
2008-12-03
Updated
2017-09-29
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Max CVSS
9.3
EPSS Score
3.18%
Published
2007-05-17
Updated
2017-07-29
3 vulnerabilities found