Search CVE reports
1 – 10 of 15 results
A heap buffer overflow vulnerability has been identified in the smooth2() function in cmsgamma.c in lcms2-2.16, which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because “this is not exploitable as...
1 affected package
lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms2 | Not affected | Not affected | Not affected | Not affected |
A heap buffer overflow vulnerability has been identified in lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is...
1 affected package
lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 9 of 10
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument...
4 affected packages
chromium-browser, lcms, lcms2, oxide-qt
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
chromium-browser | — | — | — | Fixed |
lcms | — | — | — | Not in release |
lcms2 | — | — | — | Fixed |
oxide-qt | — | — | — | Not in release |
Some fixes available 5 of 9
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
3 affected packages
lcms2, openjdk-7, openjdk-8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms2 | — | — | — | Fixed |
openjdk-7 | — | — | — | Not in release |
openjdk-8 | — | — | — | Not affected |
Some fixes available 11 of 17
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
3 affected packages
lcms2, openjdk-6, openjdk-7
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms2 | Not affected | Not affected | Not affected | Not affected |
openjdk-6 | Not in release | Not in release | Not in release | Not in release |
openjdk-7 | Not in release | Not in release | Not in release | Not in release |
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default...
2 affected packages
ghostscript, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ghostscript | — | — | — | — |
lcms2 | — | — | — | — |
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...
3 affected packages
lcms, ghostscript, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms | — | — | — | Not in release |
ghostscript | — | — | — | Not affected |
lcms2 | — | — | — | Not affected |
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...
3 affected packages
ghostscript, lcms, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ghostscript | — | — | — | — |
lcms | — | — | — | — |
lcms2 | — | — | — | — |
Some fixes available 5 of 11
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers...
2 affected packages
lcms, openjdk-6
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms | — | — | — | — |
openjdk-6 | — | — | — | — |
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code...
1 affected package
lcms
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
lcms | — | — | — | — |