Little CMS Buffer Overflow and Integer Signedness Vulnerabilities

Little CMS Buffer Overflow and Integer Signedness Vulnerabilities

Little CMS is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. The application is also prone to an integer-signedness issue.

Attackers may leverage one of these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The buffer-overflow issue affects all versions prior to Little CMS 1.16. The integer-signedness affects all versions prior to 1.17.