| Package | lcms |
|---|---|
| Version | 1.19.dfsg2-1.2+deb7u2 |
| Related CVEs | CVE-2018-16435 |
Little CMS (aka Little Color Management System) has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
For Debian 7 Wheezy, these problems have been fixed in version 1.19.dfsg2-1.2+deb7u2.
We recommend that you upgrade your lcms packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.