Summary:
A heap buffer overflow vulnerability has been identified in smooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color management, is there only as a helper for low-level programming and investigation."
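Severity: Low
Advisory ID: KylinSec-SA-2025-2362
Release date: April 20, 2025
Related CVE: CVE-2025-29070
A heap buffer overflow vulnerability was found in the smooth2() function in cmsgamma.c in lcms2-2.16; it may be exploited by a remote attacker to cause a denial of service.
Note: the supplier disputes this on the grounds that "this vulnerability is not actually exploitable, because this function is not called in the normal color management flow and exists only as a helper for low-level programming and investigation."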
CVE name | Product | Component | Affected |
---|---|---|---|
CVE-2025-29070 | KY3.4-5 | lcms2 | Unaffected |
CVE-2025-29070 | V6 | lcms2 | Unaffected |