{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-03T00:00:00", "descriptions": [{"lang": "en", "value": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-26T10:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3770-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3770-2/"}, {"name": "USN-3770-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3770-1/"}, {"name": "RHSA-2018:3004", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3004"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mm2/Little-CMS/issues/171"}, {"name": "DSA-4284", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4284"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"}, {"name": "GLSA-202105-18", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202105-18"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16435", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3770-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3770-2/"}, {"name": "USN-3770-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3770-1/"}, {"name": "RHSA-2018:3004", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3004"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"}, {"name": "https://github.com/mm2/Little-CMS/issues/171", "refsource": "MISC", "url": "https://github.com/mm2/Little-CMS/issues/171"}, {"name": "DSA-4284", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4284"}, {"name": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8", "refsource": "MISC", "url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"}, {"name": "GLSA-202105-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202105-18"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:24:32.295Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3770-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3770-2/"}, {"name": "USN-3770-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3770-1/"}, {"name": "RHSA-2018:3004", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3004"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1496-1] lcms2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mm2/Little-CMS/issues/171"}, {"name": "DSA-4284", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4284"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"}, {"name": "GLSA-202105-18", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202105-18"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16435", "datePublished": "2018-09-04T00:00:00", "dateReserved": "2018-09-03T00:00:00", "dateUpdated": "2024-08-05T10:24:32.295Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "08FF7CFA-711D-4DF6-A628-388B9569063B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."}, {"lang": "es", "value": "Little CMS (tambi\u00e9n conocido como Little Color Management System) 2.9 tiene un desbordamiento de enteros en la funci\u00f3n AllocateDataSet en cmscgats.c que conduce a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n SetData mediante un archivo manipulado en el segundo argumento en cmsIT8LoadFromFile."}], "id": "CVE-2018-16435", "lastModified": "2024-11-21T03:52:44.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-04T00:29:02.183", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3004"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/mm2/Little-CMS/issues/171"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202105-18"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3770-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3770-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/mm2/Little-CMS/issues/171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202105-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3770-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3770-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4284"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3004", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:70.0.3538.67-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2018-10-24T00:00:00Z"}], "bugzilla": {"description": "lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow", "id": "1628969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628969"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile."], "name": "CVE-2018-16435", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.8.0-openjdk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.7.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "java-1.8.0-openjdk", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "lcms2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "lcms2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-08-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-16435\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16435"], "statement": "This issue affects the versions of lcms2 as shipped with Red Hat Enterprise Linux 7.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-190: Integer Overflow leading to a CWE-122: Heap-based Buffer Overflow vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and enforced through least privilege, ensuring only authorized users can execute or modify code. Red Hat also applies least functionality, enabling only essential features, services, and ports to reduce the attack surface for heap-based buffer overflow exploits. The environment uses IPS/IDS and antimalware solutions to detect and respond to threats in real time, helping prevent or limit exploitation attempts. Static code analysis and peer reviews ensure all user inputs are thoroughly validated, reducing the risk of system instability, data exposure, or privilege escalation. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against buffer overflows and denial-of-service attacks.", "threat_severity": "Moderate"}

{}