Fluid Attacks Database

Description

Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	java-1.8.0-openjdk	-	-
rpm rhel8	java-17-openjdk	-	-
rpm rhel10	java-25-openjdk	-	-
rpm rhel7	lcms2	-	-
debian 13	lcms2	=2.16-2 \|\| =2.16-2+deb13u1 \|\| >=0 <2.16-2+deb13u2	2.16-2+deb13u2
debian 14	lcms2	=2.16-2 \|\| =2.17-1 \|\| >=0 <2.17-1.1	2.17-1.1
rpm rhel10	glycin-loaders	-	-
rpm rhel9	java-17-openjdk	-	-
rpm rhel8	lcms2	-	-
debian 11	lcms2	=2.12~rc1-2 \|\| >=0 <2.12~rc1-2+deb11u1	2.12~rc1-2+deb11u1

1-10 of 23

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.