Integer Overflow Vulnerability in Little CMS 2.9 Leading to Buffer Overflow
CVE-2018-16435

5.5MEDIUM

Key Information:

Vendor

Littlecms

Status
Little Cms Color Engine
Vendor
CVE Published:
4 September 2018

What is CVE-2018-16435?

Little CMS 2.9 suffers from an integer overflow in the AllocateDataSet function located in cmscgats.c. This vulnerability allows for a heap-based buffer overflow in the SetData function when processing a specially crafted file passed as the second argument to cmsIT8LoadFromFile. Successful exploitation can lead to unexpected behavior or execution of arbitrary code, highlighting the importance of timely security updates and code review.

References

https://usn.ubuntu.com/3770-2/
vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3770-1/
vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3004
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.