View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-16435 severity moderate: SUSE including 309 source package names (11:liblcms2-2-2.9-3.3.1, 9.0.97-openjdk8-59.4:java-1_8_0-openjdk-1.8.0.191-3.13.1, …), 550 product×package rows across 74 product lines (Container bci/openjdk, Container bci/openjdk-devel, … (74 product lines)): Fixed 314, Known Affected 231, Known Not Affected 5.
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.