925 matches found
USN-8209-2: Little CMS vulnerability
USN-8209-1 fixed vulnerabilities in Little CMS. This update contains the fixes for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use thi...
USN-8209-2 lcms2 vulnerability
USN-8209-1 fixed vulnerabilities in Little CMS. This update contains the fixes for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use thi...
gdk-pixbuf2 security update
2.36.12-3.0.3 - Backport fixes for CVE-2026-5201 Orabug: 39288631 2.36.12-3.0.1 - jpeg: Be more careful with chunked icc data Orabug: 38359772CVE-2025-7345...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted. This issue was fixed to avoid NULL pointer dereference during runtim...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: interconnect: Fixed locking issues related to runpm and reclaim. For cases where iccbwset can be called in contexts that may lead to deadlocks with shrinker/reclaim, such as during runpm resume, we need to separate the icc...
Linux Distros Unpatched Vulnerability : CVE-2026-43335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynam...
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
CVE-2026-8813
CVE-2026-8813 affects exifreader before 4.39.0. A crafted ICC profile mluc tag allows an attacker-controlled record count with a zero record size, causing the parser to repeatedly process the same records and grow memory usage, leading to DoS. Proof-of-concept in SNYK shows a large loop with mluc...
CVE-2026-8813
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficien...
OESA-2026-2326 lcms2 security update
LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard ICC, which is the modern standard when regarding to color management. The ICC specification is widely used and is...
EUVD-2026-28619
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...
CVE-2026-43335
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...
CVE-2026-43335
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...
UBUNTU-CVE-2026-43335
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...
CVE-2026-43335 interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...
CVE-2026-43335
CVE-2026-43335 pertains to the Linux kernel interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, which can lead to a NULL pointer dereference in icc_link_nodes() at runtime when a destination interconnect pointer is invalid. The conseq...
USN-8250-1: Little CMS vulnerability
It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could possibly use this issue to cause Little CMS to crash, resulting in a denial of service...
Astra Linux - уязвимость в exiv2
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to print the metadata of a specially crafted image file. A...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Little CMS vulnerability (USN-8209-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8209-1 advisory. It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause...
CVE-2026-34536
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a stack overflow SO in SIccCalcOp::ArgsUsed. The issue is observable under AddressSanitizer as a stack-overflow when iccApplyProfiles processes ...