Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
2013-09-28T19:55:03.163
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | littlecms | little_cms_color_engine | ≤ 1.19 | Yes |
| Application | littlecms | little_cms_color_engine | 1.07 | Yes |
| Application | littlecms | little_cms_color_engine | 1.08 | Yes |
| Application | littlecms | little_cms_color_engine | 1.09 | Yes |
| Application | littlecms | little_cms_color_engine | 1.10 | Yes |
| Application | littlecms | little_cms_color_engine | 1.11 | Yes |
| Application | littlecms | little_cms_color_engine | 1.12 | Yes |
| Application | littlecms | little_cms_color_engine | 1.13 | Yes |
| Application | littlecms | little_cms_color_engine | 1.14 | Yes |
| Application | littlecms | little_cms_color_engine | 1.15 | Yes |
| Application | littlecms | little_cms_color_engine | 1.16 | Yes |
| Application | littlecms | little_cms_color_engine | 1.17 | Yes |
| Application | littlecms | little_cms_color_engine | 1.18 | Yes |