CVE-2018-16435 — Integer Overflow or Wraparound in Little CMS Color Engine
Severity
5.5MEDIUMNVD
OSV7.1
EPSS
0.4%
top 36.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedSep 4
Latest updateMay 13
Description
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
4💬Community
7Bugzilla▶
CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2↗2018-10-17
Bugzilla▶
CVE-2018-16435 CVE-2018-17462 CVE-2018-17463 CVE-2018-17464 CVE-2018-17465 CVE-2018-17466 CVE-2018-17467 CVE-2018-17468 CVE-2018-17469 CVE-2018-17470 CVE-2018-17471 CVE-2018-17473 CVE-2018-17474 CVE-2↗2018-10-17
Bugzilla▶
CVE-2018-16435 lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow [epel-6]↗2018-09-14
Bugzilla▶
CVE-2018-16435 mingw-lcms2: lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow [fedora-all]↗2018-09-14