CVE-2018-16435

Priority
Description
Little CMS (aka Little Color Management System) 2.9 has an integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the SetData function via a crafted file in the second
argument to cmsIT8LoadFromFile.
Assigned-to
leosilva
Package
Upstream: released (69.0.3497.81-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): ignored (no longer updated)
Ubuntu 16.04 LTS (Xenial Xerus): released (69.0.3497.81-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (69.0.3497.81-0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish): released (69.0.3497.81-0ubuntu1)
Ubuntu 19.04 (Disco Dingo): released (69.0.3497.81-0ubuntu1)
Package
Source: lcms (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (1.19.dfsg-1ubuntu3.1)
Ubuntu 14.04 LTS (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Patches:
Upstream: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
Package
Source: lcms2 (LP Ubuntu Debian)
Priority: Medium
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (2.2+git20110628-2ubuntu3.3)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.5-0ubuntu4.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.6-3ubuntu2.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.9-1ubuntu0.1)
Ubuntu 18.10 (Cosmic Cuttlefish): released (2.9-3)
Ubuntu 19.04 (Disco Dingo): released (2.9-3)
Patches:
Upstream: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): ignored (Ubuntu touch end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus): ignored (Ubuntu touch end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE

Updated: 2019-01-14 21:30:27 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)