CVE-2007-2741

Little CMS <1.15 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

References (11)

Core 11
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1837
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-652-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36179
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32282
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34331
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27756
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_24_sr.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25294
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:238
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24001

Scores

EPSS 0.0793
EPSS Percentile 94.1%

Details

CWE
CWE-119
Status published
Products (8)
littlecms/lcms 1.07
littlecms/lcms 1.08
littlecms/lcms 1.09
littlecms/lcms 1.10
littlecms/lcms 1.11
littlecms/lcms 1.12
littlecms/lcms 1.13
littlecms/lcms < 1.14
Published May 17, 2007
Tracked Since Feb 18, 2026