CVE-2018-16435
Description
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.45
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) lcms2-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) lcms2-debuginfo-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) lcms2-debugsource-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) liblcms2-2-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) liblcms2-2-32bit-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) liblcms2-2-debuginfo-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3545-1(SUSE Linux Enterprise Desktop 12-SP3 ) liblcms2-2-debuginfo-32bit-2.7-9.7.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-1.7.0.201-43.18.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_7_0-openjdk-debuginfo-1.7.0.201-43.18.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP3 ) java-1_7_0-openjdk-debugsource-1.7.0.201-43.18.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_7_0-openjdk-headless-1.7.0.201-43.18.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0049-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-43.18.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-1.8.0.191-27.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-debuginfo-1.8.0.191-27.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-debugsource-1.8.0.191-27.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-headless-1.8.0.191-27.29.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0057-1(SUSE Linux Enterprise Desktop 12-SP4 ) java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-27.29.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234