suse · CVE-2018-16435

Quick triage

Priority: medium Published: 2021-05-30 14:16:31 UTC Updated: 2026-04-17 15:17:44 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-16435 severity moderate: SUSE including 309 source package names (11:liblcms2-2-2.9-3.3.1, 9.0.97-openjdk8-59.4:java-1_8_0-openjdk-1.8.0.191-3.13.1, …), 550 product×package rows across 74 product lines (Container bci/openjdk, Container bci/openjdk-devel, … (74 product lines)): Fixed 314, Known Affected 231, Known Not Affected 5.

Description:

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

cvelogic Threat Intelligence