Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 13 results


CVE-2018-16435

Medium priority

Some fixes available 9 of 10

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument...

4 affected packages

chromium-browser, lcms, lcms2, oxide-qt

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium-browser Fixed Fixed
lcms Not in release Not in release
lcms2 Fixed Fixed
oxide-qt Not in release Ignored
Show less packages

CVE-2016-10165

Low priority

Some fixes available 5 of 9

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

3 affected packages

lcms2, openjdk-7, openjdk-8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms2 Fixed Fixed
openjdk-7 Not in release Not in release
openjdk-8 Not affected Not affected
Show less packages

CVE-2013-7455

Medium priority
Fixed

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default...

2 affected packages

ghostscript, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected
lcms2 Not affected
Show less packages

CVE-2014-0459

Low priority

Some fixes available 11 of 17

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.

3 affected packages

lcms2, openjdk-6, openjdk-7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms2 Not affected Not affected Not affected Not affected Not affected
openjdk-6 Not in release Not in release Not in release Not in release Not in release
openjdk-7 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2013-4276

Low priority
Ignored

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...

3 affected packages

ghostscript, lcms, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected
lcms Not in release Not in release
lcms2 Not affected Not affected
Show less packages

CVE-2013-4160

Medium priority
Fixed

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...

3 affected packages

ghostscript, lcms, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript
lcms
lcms2
Show less packages

CVE-2009-0793

Low priority

Some fixes available 5 of 11

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers...

2 affected packages

lcms, openjdk-6

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms
openjdk-6
Show less packages

CVE-2009-0733

Medium priority
Fixed

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code...

1 affected packages

lcms

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms
Show less packages

CVE-2009-0723

Medium priority
Fixed

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a...

1 affected packages

lcms

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms
Show less packages

CVE-2009-0581

Low priority
Fixed

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via...

1 affected packages

lcms

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lcms
Show less packages