Little CMS (lcms2) prior to 2.5, as used in OpenJDK 7 and possibly other products, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
littlecms little cms color engine 1.13 |
||
littlecms little cms color engine 1.12 |
||
littlecms little cms color engine 1.11 |
||
littlecms little cms color engine 1.19 |
||
littlecms little cms color engine 1.18 |
||
littlecms little cms color engine 2.2 |
||
littlecms little cms color engine 2.3 |
||
littlecms little cms color engine |
||
littlecms little cms color engine 1.10 |
||
littlecms little cms color engine 1.09 |
||
littlecms little cms color engine 1.16 |
||
littlecms little cms color engine 1.14 |
||
littlecms little cms color engine 1.07 |
||
littlecms little cms color engine 2.1 |
||
littlecms little cms color engine 1.17 |
||
littlecms little cms color engine 1.15 |
||
littlecms little cms color engine 1.08 |
||
littlecms little cms color engine 2.0 |