9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
71.8%
Multiple stack-based buffer overflows in the ReadSetOfCurves function in
LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox
3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute
arbitrary code via a crafted image file associated with a large integer
value for the (1) input or (2) output channel, related to the ReadLUT_A2B
and ReadLUT_B2A functions.