CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0CVE-2009-0793 – lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles
https://notcve.org/view.php?id=CVE-2009-0793
09 Apr 2009 — cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles." cmsxform.c en LittleCMS (también conocido como lcms o liblcms) v1.18, con el utilizado en OpenJDK y otros productos, permite a atacantes remotos provocar una denegación de servicio (desreferenciación de puntero ... • http://secunia.com/advisories/34623 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 18EXPL: 2CVE-2008-5316 – lcms: insufficient input validation in ReadEmbeddedTextTag
https://notcve.org/view.php?id=CVE-2008-5316
03 Dec 2008 — Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. Desbordamiento de búfer en la función ReadEmbeddedTextTag en src/cmsio1.c en el motor de color Little cms (alias lcms), versiones anteriores a 1.16 que permite a los atacantes remotos conseguir un desconoc... • http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsio1.c?r1=1.33&r2=1.34 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0CVE-2008-5317 – lcms: unsigned -> signed integer cast issue in cmsAllocGamma
https://notcve.org/view.php?id=CVE-2008-5317
03 Dec 2008 — Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. Error de presencia de signo en entero en la función cmsAllocGamma en src/cmsgamma.c en Little cms color engine (alias lcms) en versiones anteriores a 1.17 que permite a los atacantes tener un impacto desco... • http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 15%CPEs: 8EXPL: 2CVE-2007-2741 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2007-2741
17 May 2007 — Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. Un desbordamiento de búfer en la región stack de la memoria en Little CMS (lcms) versiones anteriores a 1.15, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un perfil ICC diseñado en un archivo JPG. This GLSA contains notification... • http://osvdb.org/36179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •