cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Max CVSS
4.3
EPSS Score
5.27%
Published
2009-04-09
Updated
2023-02-13
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Max CVSS
9.3
EPSS Score
3.18%
Published
2007-05-17
Updated
2017-07-29
2 vulnerabilities found