Package details: pkg:deb/debian/lcms2@2.8-4%2Bdeb9u1
purl pkg:deb/debian/lcms2@2.8-4%2Bdeb9u1
Next non-vulnerable version 2.9-3
Latest non-vulnerable version 2.9-3
Risk 3.1
Vulnerabilities affecting this package (1)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-tst4-dhas-aaap (Aliases: CVE-2018-16435) | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | 2.9-3 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7g8v-91fw-aaan | The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | CVE-2016-10165 |
| VCID-tst4-dhas-aaap | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | CVE-2018-16435 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:02:44.433540+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:47:31.890228+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T10:17:58.627904+00:00 | Debian Oval Importer | Fixing | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T00:01:58.578281+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | None | 36.1.3 |
| 2025-06-20T20:02:49.109041+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | None | 36.1.3 |
| 2025-06-20T19:59:14.208692+00:00 | Debian Oval Importer | Fixing | VCID-tst4-dhas-aaap | None | 36.1.3 |
| 2025-06-08T11:55:37.457521+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:34:25.587834+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:02:13.003014+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:05:40.201057+00:00 | Debian Oval Importer | Fixing | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T17:24:46.049752+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | None | 36.1.0 |
| 2025-06-07T13:50:34.037307+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | None | 36.1.0 |
| 2025-06-07T13:48:54.992430+00:00 | Debian Oval Importer | Fixing | VCID-tst4-dhas-aaap | None | 36.1.0 |
| 2025-04-12T19:57:34.240184+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:40:46.652205+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:15:49.251376+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:33:07.309543+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T02:34:06.435256+00:00 | Debian Oval Importer | Fixing | VCID-tst4-dhas-aaap | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T15:58:59.337374+00:00 | Debian Oval Importer | Affected by | VCID-tst4-dhas-aaap | None | 36.0.0 |
| 2025-04-07T12:25:30.550130+00:00 | Debian Oval Importer | Fixing | VCID-7g8v-91fw-aaan | None | 36.0.0 |
| 2025-04-07T12:23:55.885751+00:00 | Debian Oval Importer | Fixing | VCID-tst4-dhas-aaap | None | 36.0.0 |