CVE-2018-16435 (retired)

Priority
Description
Little CMS (aka Little Color Management System) 2.9 has an integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the SetData function via a crafted file in the second
argument to cmsIT8LoadFromFile.
Assigned-to
leosilva
Package
Upstream: released (69.0.3497.81-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was ignored [no longer updated])
Ubuntu 16.04 LTS (Xenial Xerus): released (69.0.3497.81-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (69.0.3497.81-0ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo): released (69.0.3497.81-0ubuntu1)
Ubuntu 19.10 (Eoan): released (69.0.3497.81-0ubuntu1)
Package
Source: lcms (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (1.19.dfsg-1ubuntu3.1)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Patches:
Upstream: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
Package
Source: lcms2 (LP Ubuntu Debian)
Priority: Medium
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (2.2+git20110628-2ubuntu3.3)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.5-0ubuntu4.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.6-3ubuntu2.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.9-1ubuntu0.1)
Ubuntu 19.04 (Disco Dingo): released (2.9-3)
Ubuntu 19.10 (Eoan): released (2.9-3)
Patches:
Upstream: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was ignored [Ubuntu touch end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus): ignored (Ubuntu touch end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE

Updated: 2019-08-23 09:31:06 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)