USN-8209-2: Little CMS vulnerability
USN-8209-1 fixed vulnerabilities in Little CMS. This update contains the fixes for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use thi...
CVE-2018-11556
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to t...
Ubuntu 14.04 LTS : Little CMS vulnerability (USN-2961-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2961-1 advisory. It was discovered that a double free could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to speciall...
lcms: insufficient input validation in ReadEmbeddedTextTag
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine aka lcms before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than...