• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Little CMS ICC Profile Stack Buffer Overflow Vulnerability

Little CMS is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue stems from an error in LCMS when parsing ICC profiles.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected library. Failed exploits attempts will likely result in denial-of-service conditions.

Versions prior to Little CMS 1.15 are vulnerable to this issue.