
CVSS: 9.3 • EPSS: 1% • CPEs: 4 • EXPL: 2

23 Mar 2009 — Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 1% • CPEs: 18 • EXPL: 2

03 Dec 2008 — Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. • http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 0% • CPEs: 20 • EXPL: 0

03 Dec 2008 — Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. • http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17 • CWE-189: Numeric Errors

CVSS: 9.8 • EPSS: 15% • CPEs: 8 • EXPL: 2

17 May 2007 — Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. This GLSA contains notification... • http://osvdb.org/36179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer