Littlecms Little Cms Color Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Littlecms Little Cms Color Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2008-5317 — CVSS 10.0 (critical): Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers…
CVE-2008-5316 — CVSS 10.0 (critical): Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to…
CVE-2013-7455 — CVSS 9.8 (critical): Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers…
CVE-2016-10165 — CVSS 7.1 (high): The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a…
CVE-2018-16435 — CVSS 5.5 (medium): Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a…
CVE-2013-4160 — CVSS 5.0 (medium): Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL…
CVE-2013-4276 — CVSS 4.3 (medium): Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of…