UBUNTU-CVE-2025-29069

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-29069
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-29069
Related
  • CVE-2025-29069
Withdrawn
2025-06-23T16:00:36Z
Published
2025-04-01T20:15:00Z
Modified
2026-02-04T04:31:33.871729Z
Summary
[none]
Details

A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations.

References

Affected packages

Ubuntu:20.04:LTS
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.9-4?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.9-4

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"
Ubuntu:22.04:LTS
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.12~rc1-2build2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.12~rc1-2
2.12~rc1-2build1
2.12~rc1-2build2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"
Ubuntu:24.04:LTS
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.14-2build1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.14-2
2.14-2build1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"
Ubuntu:24.10
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.14-2build1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.14-2build1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"
Ubuntu:Pro:14.04:LTS
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.5-0ubuntu4.2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.5-0ubuntu1
2.5-0ubuntu2
2.5-0ubuntu3
2.5-0ubuntu4
2.5-0ubuntu4.1
2.5-0ubuntu4.2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"
Ubuntu:Pro:16.04:LTS
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.6-3ubuntu2.1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.6-3ubuntu2
2.6-3ubuntu2.1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"
Ubuntu:Pro:18.04:LTS
lcms2

Package

Name
lcms2
Purl
pkg:deb/ubuntu/lcms2@2.9-1ubuntu0.1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.7-1ubuntu1
2.8-4
2.9-1
2.9-1ubuntu0.1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-29069.json"