PT-2025-14383 · Lcms2 · Lcms2
Published
2025-04-01
·
Updated
2025-04-05
·
CVE-2025-29069
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
lcms2 version 2.16
Description
A heap buffer overflow issue has been identified in the UnrollChunkyBytes function in cmspack.c, which handles color space transformations. This issue is disputed by the supplier, who claims it is a bug in a third-party calling program, not in lcms2.
Recommendations
For lcms2 version 2.16, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lcms2