CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
85.1%
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in
Little cms color engine (aka lcms) before 1.17 allows attackers to have an
unknown impact via a file containing a certain “number of entries” value,
which is interpreted improperly, leading to an allocation of insufficient
memory.