
274 matches found

OSV
added 2026/06/16 4:58 a.m. | 5 views

MGASA-2026-0214 Updated lcms2 packages fix security vulnerability

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254...

CVSS 7.5 | AI score 5.3 | EPSS 0.00365
Exploits: 1 | References: 6

Tenable Nessus
added 2026/03/30 12:0 a.m. | 5 views

Amazon Linux 2023 : lcms2, lcms2-devel, lcms2-utils (ALAS2023-2026-1474)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1474 advisory. A heap buffer overflow vulnerability has been identified in thesmooth2 in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because...

CVSS 7.5 | AI score 6 | EPSS 0.00844
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/06 12:0 a.m. | 9 views

Amazon Linux 2023 : jxl-pixbuf-loader, libjxl, libjxl-devel (ALAS2023-2026-1459)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1459 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...

CVSS 8.7 | AI score 5.8 | EPSS 0.00171
Exploits: 1 | References: 6

SUSE CVE
added 2026/02/12 12:27 a.m. | 2 views

SUSE CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CVSS 8.1 | AI score 5.5 | EPSS 0.00171
Exploits: 1 | References: 5

Debian CVE
added 2026/02/11 3:19 p.m. | 5 views

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CVSS 8.7 | AI score 5.2 | EPSS 0.00171
Exploits: 1

CVE
added 2026/02/11 3:19 p.m. | 38 views

CVE-2026-1837

The connected records confirm CVE-2026-1837 affects libjxl’s decoder when LCMS2 is used as the CMS. A specially-crafted file can trigger an out-of-bounds write by transforming grayscale images to another grayscale color space, where buffers allocated for 1-float-per-pixel are treated as 3-float-p...

CVSS 8.7 | AI score 5.5 | EPSS 0.00171
Exploits: 1 | References: 1 | Affected Software: 1

Snyk
added 2026/02/11 3:19 p.m. | 5 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the IsNeeded function when using LCMS2. An attacker can achieve arbitrary code execution or cause a denial of service by tricking a user into processing a specially crafted image file. Remediation Upgrade libjxl ...

CVSS 9.2 | AI score 6.4 | EPSS 0.00171
Exploits: 1 | References: 2

Oracle linux
added 2026/01/27 12:0 a.m. | 12 views

java-1.8.0-openjdk security update

1.8.0.482.b08-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:1.8.0.482.b08-1 - Update to 8u482-b08 GA. - Update release notes for 8u482-b08. - Remove generated-configure.sh changes from JDK-8141590 & FIPS patch as we already autogenerate this - Turn on system FreeType as on later JDK versio...

CVSS 7.5 | AI score 5.9 | EPSS 0.00547
Exploits: 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-10775

Malware in sbrugna...

CVSS 7.1 | AI score 7.3 | EPSS 0.00853
Exploits: 0 | References: 2

OSV
added 2025/04/01 9:15 p.m. | 3 views

AZL-59467 CVE-2025-29070 affecting package openjpeg2 2.3.1-12

A heap buffer overflow vulnerability has been identified in thesmooth2 in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there...

CVSS 7.5 | AI score 6 | EPSS 0.00844
Exploits: 0 | References: 1

OSV
added 2025/04/01 8:15 p.m. | 1 views

UBUNTU-CVE-2025-29069

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations...

CVSS 7.3 | AI score 6 | EPSS 0.00364
Exploits: 0 | References: 3

Positive Technologies
added 2025/04/01 12:0 a.m. | 4 views

PT-2025-14384 · Lcms2 +1

Name of the Vulnerable Software and Affected Versions: lcms2 version 2.16 Description: A heap buffer overflow issue has been identified in the thesmooth2 function in cmsgamma.c that allows a remote attacker to cause a denial of service. This issue affects the lcms2 library, potentially allowing f...

CVSS 7.5 | AI score 6.9 | EPSS 0.00844
Exploits: 0 | References: 14

OSV
added 2024/09/15 5:47 p.m. | 18 views

RHSA-2009:0339 Red Hat Security Advisory: lcms security update

Bulletin has no description...

CVSS 9.3 | AI score 7.6 | EPSS 0.05534
Exploits: 4 | References: 15

OSV
added 2024/09/15 5:38 p.m. | 13 views

RHSA-2009:0011 Red Hat Security Advisory: lcms security update

Bulletin has no description...

CVSS 10 | AI score 6 | EPSS 0.02779
Exploits: 1 | References: 11

OSV
added 2024/06/15 12:0 a.m. | 13 views

OPENSUSE-SU-2024:10340-1 lcms-1.19-19.8 on GA media

These are all security issues fixed in the lcms-1.19-19.8 package on the GA media of openSUSE Tumbleweed...

CVSS 4.3 | AI score 6.9 | EPSS 0.04852
Exploits: 0 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 16 views

RHEL 5 : lcms (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lcms: Null pointer dereference DoS by handling transformations of monochrome profiles CVE-2009-0793 - lcm...

CVSS 4.3 | AI score 7.2 | EPSS 0.04852
Exploits: 0 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 20 views

RHEL 6 : lcms (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lcms: Stack-based buffer overflows in ColorSpace conversion calculator and TIFF compare utility CVE-2013-4276 Note...

CVSS 4.3 | AI score 6.7 | EPSS 0.03502
Exploits: 0 | References: 1

Oracle linux
added 2023/07/28 12:0 a.m. | 47 views

java-11-openjdk security and bug fix update

1:11.0.20.0.8-2.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:11.0.20.0.8-2 - Bump release number so we are newer than 9.0 - Related: rhbz2221106 1:11.0.20.0.8-1 - Update to jdk-11.0.20.0+8 GA - Update release notes to 11.0.20.0+8 - Drop local inclusion of JDK-8274864 & JDK-8305113 as they a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01797
Exploits: 0

OpenVAS
added 2022/08/26 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-3770-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.1 | AI score 6.7 | EPSS 0.03502
Exploits: 1 | References: 2

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2013-0260)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.9 | EPSS 0.03502
Exploits: 0 | References: 4