Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities
Little CMS is prone to a denial-of-service vulnerability and multiple memory-corruption vulnerabilities because it fails to perform adequate checks on user-supplied input.
Attackers may leverage these issues to execute arbitrary code in the context of the application or launch denial-of-service attacks.
Versions prior to Little CMS 1.18beta2 are vulnerable.
NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are vulnerable to these issues as well.