CVE-2018-16435
The MITRE CVE dictionary describes this issue as:
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
Find out more about CVE-2018-16435 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 5.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Supplementary (v. 6) (chromium-browser) | RHSA-2018:3004 | 2018-10-24 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Container Platform 3.9 | mediawiki-123 | Under investigation |
| Red Hat OpenShift Container Platform 3.7 | mediawiki-123 | Under investigation |
| Red Hat OpenShift Container Platform 3.6 | mediawiki-123 | Under investigation |
| Red Hat Enterprise Linux 7 | java-1.8.0-openjdk | Under investigation |
| Red Hat Enterprise Linux 7 | lcms2 | Under investigation |
| Red Hat Enterprise Linux 7 | java-1.7.0-openjdk | Under investigation |
| Red Hat Enterprise Linux 6 | java-1.7.0-openjdk | Under investigation |
| Red Hat Enterprise Linux 6 | libreoffice | Under investigation |
| Red Hat Enterprise Linux 6 | java-1.8.0-openjdk | Under investigation |
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Under investigation |
CVE description copyright © 2017, The MITRE Corporation