CVE-2018-11556
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-11556
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11556.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-11556
- Withdrawn
- 2020-08-18T20:36:50Z
- Published
- 2018-05-30T04:29:00Z
- Modified
- 2025-01-14T07:21:29.158013Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on an sample program using LIBTIFF and do not apply to the lcms2 library, lcms2 does not depends on LIBTIFF other than to build sample programs, and the issue cannot be reproduced on the lcms2 library.”
- References
Affected packages
Git / github.com/mm2/little-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mm2/little-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
lcms2-2.*
lcms2-2.7
lcms2.*
lcms2.2
lcms2.2rc0
lcms2.2rc1
lcms2.2rc2
lcms2.3
lcms2.3rc1
lcms2.3rc2
lcms2.3rc3
lcms2.4
lcms2.4rc1
lcms2.4rc2
lcms2.5
lcms2.5rc1
lcms2.5rc2
lcms2.5rc3
lcms2.6
lcms2.6rc0
lcms2.6rc1
lcms2.6rc3
lcms2.7rc1
lcms2.7rc2
lcms2.7rc3
lcms2.8
lcms2.8rc2
lcms2.9
lcms2.9rc1