PT-2018-10663 · Little Cms+1

Xiaoqx · Published 2018-05-30 · Updated 2024-08-05 · CVE-2018-11555

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Little CMS version 2.9

Description: The issue is related to an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a. This can be triggered via a crafted TIFF file. However, it's noted that the Little CMS developers do not consider this a vulnerability of the lcms2 library itself, as the issue is based on a sample program using LIBTIFF and does not apply to the lcms2 library.

Recommendations: For Little CMS version 2.9, consider avoiding the use of crafted TIFF files that could trigger the out-of-bounds write in the PrecalculatedXFORM function until further clarification or resolution is provided by the developers.

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2055
CVE-2018-11555

Affected Products

Alt Linux
Little Cms