Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 6 of 6 results


CVE-2018-16435

Medium priority

Some fixes available 9 of 10

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument...

4 affected packages

chromium-browser, lcms, lcms2, oxide-qt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Fixed Fixed
lcms Not in release Not in release
lcms2 Fixed Fixed
oxide-qt Not in release Ignored
Show less packages

CVE-2016-10165

Low priority

Some fixes available 5 of 9

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

3 affected packages

lcms2, openjdk-7, openjdk-8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms2 Fixed Fixed
openjdk-7 Not in release Not in release
openjdk-8 Not affected Not affected
Show less packages

CVE-2013-7455

Medium priority
Fixed

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default...

2 affected packages

ghostscript, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected
lcms2 Not affected
Show less packages

CVE-2014-0459

Low priority

Some fixes available 11 of 17

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.

3 affected packages

lcms2, openjdk-6, openjdk-7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms2 Not affected Not affected Not affected Not affected Not affected
openjdk-6 Not in release Not in release Not in release Not in release Not in release
openjdk-7 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2013-4276

Low priority
Ignored

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...

3 affected packages

ghostscript, lcms, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected
lcms Not in release Not in release
lcms2 Not affected Not affected
Show less packages

CVE-2013-4160

Medium priority
Fixed

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...

3 affected packages

ghostscript, lcms, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript
lcms
lcms2
Show less packages