Littlecms Lcms vulnerabilities
4 known vulnerabilities affecting littlecms/lcms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 1
Vulnerabilities
CVE-2009-0793 [MEDIUM] CWE-20 | CVSS 4.3 | v1.18 | 2009-04-09
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
nvd
CVE-2008-5316 [CRITICAL] | CVSS 10.0 | ≤ 1.15, v1.07 +7 more | 2008-12-03
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
nvd
CVE-2008-5317 [CRITICAL] CWE-189 | CVSS 10.0 | ≤ 1.16, v1.07 +8 more | 2008-12-03
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
nvd
CVE-2007-2741 [CRITICAL] CWE-119 | CVSS 9.3 | ≤ 1.14, v1.07 +6 more | 2007-05-17
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
nvd