Vulnerabilities > Littlecms > Little CMS Color Engine > 1.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-03 | CVE-2016-10165 | Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | 7.1 |
| 2014-01-21 | CVE-2013-4160 | Unspecified vulnerability in Littlecms Little CMS Color Engine Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed. | 5.0 |
| 2013-09-28 | CVE-2013-4276 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Littlecms Little CMS Color Engine Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility. | 4.3 |