CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
littlecmslittle_cms_color_engine
2.9
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lcms2
bookworm
2.14-2
fixed
bullseye
2.12~rc1-2
fixed
sid
2.16-2
fixed
trixie
2.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
Fixed 69.0.3497.81-0ubuntu0.18.04.1
released
cosmic
Fixed 69.0.3497.81-0ubuntu1
released
disco
Fixed 69.0.3497.81-0ubuntu1
released
trusty
dne
xenial
Fixed 69.0.3497.81-0ubuntu0.16.04.1
released
lcms
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
dne
lcms2
bionic
Fixed 2.9-1ubuntu0.1
released
cosmic
Fixed 2.9-3
released
disco
Fixed 2.9-3
released
trusty
Fixed 2.5-0ubuntu4.2
released
xenial
Fixed 2.6-3ubuntu2.1
released
oxide-qt
bionic
dne
cosmic
dne
disco
dne
trusty
dne
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
java-1_7_0-openjdk
suse enterprise sap 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP2
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_7_0-openjdk-demo
suse enterprise sap 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP2
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_7_0-openjdk-devel
suse enterprise sap 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP2
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_7_0-openjdk-headless
suse enterprise sap 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP1
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP2
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP3
1.7.0.201-43.18.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_8_0-openjdk
suse enterprise sap 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP7
1.8.0.191-3.13.1
fixed
suse enterprise server 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP2
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP7
1.8.0.191-3.13.1
fixed
java-1_8_0-openjdk-demo
suse enterprise sap 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP7
1.8.0.191-3.13.1
fixed
suse enterprise server 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP2
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP7
1.8.0.191-3.13.1
fixed
java-1_8_0-openjdk-devel
suse enterprise sap 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP7
1.8.0.191-3.13.1
fixed
suse enterprise server 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP2
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP7
1.8.0.191-3.13.1
fixed
java-1_8_0-openjdk-headless
suse enterprise sap 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise sap 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise sap 15
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise sap 15 SP7
1.8.0.191-3.13.1
fixed
suse enterprise server 12 SP1
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP2
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP3
1.8.0.191-27.29.1
fixed
suse enterprise server 12 SP5
1.8.0.222-27.35.2
fixed
suse enterprise server 15
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP1
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP2
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP3
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP4
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP5
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP6
1.8.0.191-3.13.1
fixed
suse enterprise server 15 SP7
1.8.0.191-3.13.1
fixed
lcms2
suse enterprise sap 12 SP3
2.7-9.7.1
fixed
suse enterprise sap 12 SP5
2.7-9.7.1
fixed
suse enterprise server 12 SP3
2.7-9.7.1
fixed
suse enterprise server 12 SP5
2.7-9.7.1
fixed
liblcms2-2
suse enterprise desktop 15
2.9-3.3.1
fixed
suse enterprise desktop 15 SP1
2.9-3.3.1
fixed
suse enterprise desktop 15 SP2
2.9-3.3.1
fixed
suse enterprise desktop 15 SP3
2.9-3.3.1
fixed
suse enterprise desktop 15 SP4
2.12-150400.1.10
fixed
suse enterprise desktop 15 SP5
2.12-150400.1.10
fixed
suse enterprise desktop 15 SP6
2.15-150600.1.5
fixed
suse enterprise desktop 15 SP7
2.15-150600.1.5
fixed
suse enterprise sap 12 SP3
2.7-9.7.1
fixed
suse enterprise sap 12 SP5
2.7-9.7.1
fixed
suse enterprise sap 15
2.9-3.3.1
fixed
suse enterprise sap 15 SP1
2.9-3.3.1
fixed
suse enterprise sap 15 SP2
2.9-3.3.1
fixed
suse enterprise sap 15 SP3
2.9-3.3.1
fixed
suse enterprise sap 15 SP4
2.12-150400.1.10
fixed
suse enterprise sap 15 SP5
2.12-150400.1.10
fixed
suse enterprise sap 15 SP6
2.15-150600.1.5
fixed
suse enterprise sap 15 SP7
2.15-150600.1.5
fixed
suse enterprise server 12 SP3
2.7-9.7.1
fixed
suse enterprise server 12 SP5
2.7-9.7.1
fixed
suse enterprise server 15
2.9-3.3.1
fixed
suse enterprise server 15 SP1
2.9-3.3.1
fixed
suse enterprise server 15 SP2
2.9-3.3.1
fixed
suse enterprise server 15 SP3
2.9-3.3.1
fixed
suse enterprise server 15 SP4
2.12-150400.1.10
fixed
suse enterprise server 15 SP5
2.12-150400.1.10
fixed
suse enterprise server 15 SP6
2.15-150600.1.5
fixed
suse enterprise server 15 SP7
2.15-150600.1.5
fixed
liblcms2-2-32bit
suse enterprise sap 12 SP3
2.7-9.7.1
fixed
suse enterprise sap 12 SP5
2.7-9.7.1
fixed
suse enterprise server 12 SP3
2.7-9.7.1
fixed
suse enterprise server 12 SP5
2.7-9.7.1
fixed
liblcms2-devel
suse enterprise desktop 15
2.9-3.3.1
fixed
suse enterprise desktop 15 SP1
2.9-3.3.1
fixed
suse enterprise desktop 15 SP2
2.9-3.3.1
fixed
suse enterprise desktop 15 SP3
2.9-3.3.1
fixed
suse enterprise desktop 15 SP4
2.12-150400.1.10
fixed
suse enterprise desktop 15 SP5
2.12-150400.1.10
fixed
suse enterprise desktop 15 SP6
2.15-150600.1.5
fixed
suse enterprise desktop 15 SP7
2.15-150600.1.5
fixed
suse enterprise sap 15
2.9-3.3.1
fixed
suse enterprise sap 15 SP1
2.9-3.3.1
fixed
suse enterprise sap 15 SP2
2.9-3.3.1
fixed
suse enterprise sap 15 SP3
2.9-3.3.1
fixed
suse enterprise sap 15 SP4
2.12-150400.1.10
fixed
suse enterprise sap 15 SP5
2.12-150400.1.10
fixed
suse enterprise sap 15 SP6
2.15-150600.1.5
fixed
suse enterprise sap 15 SP7
2.15-150600.1.5
fixed
suse enterprise server 15
2.9-3.3.1
fixed
suse enterprise server 15 SP1
2.9-3.3.1
fixed
suse enterprise server 15 SP2
2.9-3.3.1
fixed
suse enterprise server 15 SP3
2.9-3.3.1
fixed
suse enterprise server 15 SP4
2.12-150400.1.10
fixed
suse enterprise server 15 SP5
2.12-150400.1.10
fixed
suse enterprise server 15 SP6
2.15-150600.1.5
fixed
suse enterprise server 15 SP7
2.15-150600.1.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
chromium-browser
RHEL 6
0:70.0.3538.67-1.el6_10
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:3004
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
https://github.com/mm2/Little-CMS/issues/171
https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html
https://security.gentoo.org/glsa/202105-18
https://usn.ubuntu.com/3770-1/
https://usn.ubuntu.com/3770-2/
https://www.debian.org/security/2018/dsa-4284
https://access.redhat.com/errata/RHSA-2018:3004
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
https://github.com/mm2/Little-CMS/issues/171
https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html
https://security.gentoo.org/glsa/202105-18
https://usn.ubuntu.com/3770-1/
https://usn.ubuntu.com/3770-2/
https://www.debian.org/security/2018/dsa-4284