Published: 09 April 2009
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
as per upstream post to lcms-user: No code injection can be done using this bug. Using monochrome profiles is rare, and using them in the output direction is a corner case. This bug is only exploitable if the application uses monochrome output, and then the crafted profile should be in the output direction. Does not affect input profiles, so an attacker could NOT use this flaw by creating a specially-crafted image.