15 matches found
Debian dsa-6262 : liblcms2-2 - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6262 advisory. Debian Security Advisory DSA-6262-1 [email protected]...
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
liblcms2.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists through a heap out-of-bounds (OOB) read in TypeMLURead of cmstypes.c where the MLU bounds were not properly checked, causing the DoS attack...
Denial Of Service (DoS)
liblcms2.so is vulnerable to denial of service. The vulnerability exists in the AllocateDataSet function of cmscgats.c because the size of the Data resulting from integer multiplication is not limited, leading to an attack if a malicious IT8 calibration file is passed as the second argument to...
Denial Of Service (DoS)
liblcms2.so is vulnerable to denial of service. The vulnerability exists through a heap out-of-bounds read in the TypeMLURead function of cmstypes.c where the MLU bounds were not properly checked, causing the application crash...
CVE-2018-11555
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the lcms2...
CVE-2018-11556
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to t...
Design/Logic Flaw
DISPUTED tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and does not apply to the...
CVE-2018-11556
Little CMS 2.9 has an out-of-bounds write in cmsPipelineCheckAndRetreiveStages (cmslut.c) within liblcms2.a triggered by a crafted TIFF file. Several sources note the issue stems from a sample-program interaction with LIBTIFF and that the vulnerability cannot be reproduced on the lcms2 library it...
[SECURITY] [DLA 1168-1] graphicsmagick security update
Package : graphicsmagick Version : 1.3.16-1.1+deb7u14 CVE ID : CVE-2017-16669 A remote denial of service vulnerability has been discovered in graphicsmagick, a collection of image processing tools and associated libraries. A specially crafted file can be used to produce a heap-based buffer overfl...
Double free
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...
DEBIAN-CVE-2013-7455
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...
CVE-2013-7455
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...
CVE-2013-7455
CVE-2013-7455 is a double-free vulnerability in Little CMS (liblcms2) affecting Little CMS 2.x up to 2.5/2.6 in the DefaultICCintents function. A specially crafted ICC profile can trigger an error in the default intent handler, allowing remote attackers to execute arbitrary code or crash the host...
UBUNTU-CVE-2013-7455
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...
CVE-2013-7455
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler...