PT-2018-10664 · Little Cms+1

Xiaoqx · Published 2018-05-30 · Updated 2024-08-05 · CVE-2018-11556

CVSS v3.1 · 7.8 · High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Little CMS version 2.9

Description: The issue is related to an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a, which can be triggered via a crafted TIFF file. However, the Little CMS developers do not consider this a vulnerability in the lcms2 library itself, as it depends on LIBTIFF only for building sample programs and the issue cannot be reproduced on the lcms2 library.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2055
CVE-2018-11556

Affected Products

Alt Linux
Little Cms