Heap-based Buffer Overflow in Little CMS 2.9

CVE-2018-16435 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
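The bug class described above, as an added example that is not Little CMS source code: an allocation size multiplied out in 32 bits wraps, so the buffer is smaller than the dimensions a later writer trusts. All names, the `rows`/`cols` layout and the 64 MiB cap are hypothetical, and the example assumes the dimensions come from the parsed file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical names throughout; this is not Little CMS source code. */
#define MAX_TABLE_BYTES ((size_t)64 * 1024 * 1024) /* assumed sanity cap */

typedef struct { uint32_t rows, cols; char **cells; } table_t;

/* Flawed pattern: the product is computed in 32 bits and silently wraps. */
uint32_t cell_bytes_unchecked(uint32_t rows, uint32_t cols)
{
    return (rows + 1u) * (cols + 1u) * (uint32_t)sizeof(char *);
}

/* Hardened: every step is checked before multiplying. 0 = ok, -1 = overflow. */
int cell_bytes_checked(uint32_t rows, uint32_t cols, size_t *out)
{
    if (rows == UINT32_MAX || cols == UINT32_MAX) return -1;
    size_t r = (size_t)rows + 1, c = (size_t)cols + 1;
    if (r > SIZE_MAX / c) return -1;
    if (r * c > SIZE_MAX / sizeof(char *)) return -1;
    *out = r * c * sizeof(char *);
    return 0;
}

int table_alloc(table_t *t, uint32_t rows, uint32_t cols)
{
    size_t bytes;
    t->cells = NULL;
    if (cell_bytes_checked(rows, cols, &bytes) != 0) return -1;
    if (bytes > MAX_TABLE_BYTES) return -1;   /* reject absurd file-supplied counts */
    if ((t->cells = calloc(1, bytes)) == NULL) return -1;
    t->rows = rows;
    t->cols = cols;
    return 0;
}

/* The writer re-validates indices against the dimensions that were allocated. */
int table_set(table_t *t, uint32_t row, uint32_t col, char *val)
{
    if (t->cells == NULL || row > t->rows || col > t->cols) return -1;
    t->cells[(size_t)row * ((size_t)t->cols + 1) + col] = val;
    return 0;
}
```

With counts of 0x3fffffff and 1, the unchecked computation yields 0 bytes, while `table_alloc` refuses the request instead of returning an undersized buffer.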
