Out-of-bounds read In lcms2
Description
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 alpine v3.15 | 2.9-r1 | ||
alpine v3.14 | 2.9-r1 | ||
alpine v3.11 | 2.9-r1 | ||
alpine v3.21 | 2.9-r1 | ||
alpine v3.10 | 2.9-r1 | ||
alpine v3.12 | 2.9-r1 | ||
alpine v3.22 | 2.9-r1 | ||
 debian 11 | 2.9-3 | ||
debian 13 | 2.9-3 | ||
alpine v3.13 | 2.9-r1 |
1-10 of 22
10
Aliases
1. 2. 3. 4. 5. 6. 7.