Little CMS Memory Leak and Multiple Memory Corruption Vulnerabilities

Little CMS is prone to a denial-of-service vulnerability and multiple memory-corruption vulnerabilities because it fails to perform adequate checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of the application or launch denial-of-service attacks.

Versions prior to Little CMS 1.18beta2 are vulnerable.

NOTE: Other applications that use Little CMS (such as Mozilla Firefox, OpenJDK, and GIMP) are vulnerable to these issues as well.


Privacy Statement
Copyright 2010, SecurityFocus