What is the Little CMS color engine?
This is an OPEN SOURCE small-footprint color management engine, with special focus on accuracy and performance. It uses the International Color Consortium standard (ICC), which is the modern standard when regarding to color management. The ICC specification is widely used and is referred to in many International and other de-facto standards. It was approved as an International Standard, ISO 15076-1, in 2005.
The Little CMS color engine:
- Is a software component for programmers.
- Is FREE and does include “C” SOURCE CODE.
- Deals with color management stuff.
- Is a CMM engine; it implements fast transforms between ICC profiles.
- Is a Standalone engine; it doesn’t need ICM or ColorSync to work.
- Is Widely portable across many platforms.
- Is A FULL IMPLEMENTATION of ICC specification 4.3, supports all kind of V2 and V4 profiles.
- Is Distributed under the MIT license agreement
Precompiled packages - May point to previous versions
- Ubuntu (launchpad).
- Free BSD.
- Free BSD (freshports).
- Sgi IRIX.
- Open Solaris . – Thanks to Stefan Teleman
- OpenCSW or Solaris 9/10, Sparc and i386. – Thanks to Dagobert Michelsen
- Fedora 17, 18 and rawhide. – Thanks to Richard Hughes
- T2 SDE. – Thanks to René Rebe
- Solaris 10 and 11 for SPARC and x86 . – Thanks to Steve Christensen
- Manjaro ArchLinux.
- Linux from scratch.
- Alpine linux.
- Tutorial - read this first.
- User manual - API Reference.
- Plug-in reference (advanced)
- CIC 18 paper on unbounded mode.
- Black point compensation testing.
Little CMS color engine adds basic ICC profile support. Then you can use the profiles to prepare a bitmap for display, keeping the original image colors. It is also useful for quickly converting between color spaces. The engine can also generate accurate separations based on the target printer, or inversely it can recover RGB data from a stored separation. Another use is to “Proof” an image, showing the final colors as they would be rendered on a specific device.
- Widely portable. Written in C99. C++ is supported too.
- Easy to use.
- Handles a wide range of pixel formats.
- Supports all kind of profiles, including named color.
- Can write profiles as well.
- PostScript CSA and CRD generation.
- Full multicolor support, up to 15 inks.
- Black point compensation.
- Black preservation on CMYK.
- Handles incomplete state of adaptation on absolute intents.
- Softproofing.Gamut checking.
- CIECAM02 appearance model.
- CGATS.17-200x support.
- ICC floating point extension.
- Many, many more…
A bit of story
Since the initial release, back in 1998, Little CMS has grown to become one of the most popular color management libraries, and has been used in a large number of projects, in areas as printer firmware, monitors, digital cameras, RIPs, publishing, scientific, and many others. Today, you can find Little CMS in most Linux distributions. Probably it is embedded into devices you use everyday.
To the question, Is this software really free? as long as you abide by the licensing conditions, yes. It is free under the MIT license agreement. You can use Little CMS in your commercial apps, too. The license requires a pointer referencing the copyright, so you can add a file in your distribution disk saying that your product uses Little CMS, and the copyright notice. That’s all. Of course, if you use the package and can improve on it, then your contribution will be welcome, but please note this is not required. However, you should consider the maintenance overhead of keeping your own custom version of Little CMS, versus the advantages you might get from participating in the community, such as bugfixes and extensions that others may make on top of yours.
To abide by the MIT license, simply include our license text somewhere in your own software distribution; this could be in a text file, in a printed manual, in the credits, etc.
LittleCMS is located deep in the Linux dependency tree. So, security issues are real and should be addressed. The proposed process is quite simple, if you detect a potential security issue and you are able to create a patch, please send us the patch to analyse. We have an extensive test bed of apps and utilities using lcms, so we can check if all those goes fine. If you don’t want to create a patch and only want to report the vulnerability, thats ok too and we will be very gratefull. Please contact us.
Please avoid advisories if possible, as doing that, hints how to use the flaw for malicious use.
Please don’t make noise to gain popularity, this can result in bad karma to you. Any CVE without reliable proof will be promptly disputed.
Please don’t use untrusted patches from 3rd parties. We had an incident years ago with so called “security experts” trying to add a back door by using a crafted patch.
Credits to vulnerability busters will be given on each release
After the patch proves to be harmless, I will send to the mailing list a signed mail with the patch attached. That is, you got a patch from upstream that upstream claims to be reasonably tested. I will apply the same checks that I do before a normal release. Please understand that this is a lot of work, and obviously it can fail as well, so the “no guarantee” clause of MIT license applies. If you choose to redistribute such patches, please make sure to include the mail, or at least the MIT license. By including the MIT license you prevent to get in legal trouble.