CVE-2018-16435

Published: Sep 4, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

Affected (10)

Products: Littlecms: Little Cms Color Engine · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · +1 more

Show all products

Littlecms: Little Cms Color Engine · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Debian: Debian Linux

1 product

Little Cms Color Engine

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Littlecms Little Cms Color Engine	Version 2.9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (16)

https://access.redhat.com/errata/RHSA-2018:3004

Source: cve@mitre.org

Third Party Advisory

https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/mm2/Little-CMS/issues/171

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202105-18

Source: cve@mitre.org

https://usn.ubuntu.com/3770-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3770-2/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4284

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3004

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/mm2/Little-CMS/issues/171

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202105-18

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/3770-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3770-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4284

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.