CVE-2013-4160

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
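
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |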

EPSS Score Percentile: 76%

| Vendor | Product | Version |
|---|---|---|
| littlecms | little_cms_color_engine | 𝑥 ≤ 2.4 |
| littlecms | little_cms_color_engine | 1.07 |
| littlecms | little_cms_color_engine | 1.08 |
| littlecms | little_cms_color_engine | 1.09 |
| littlecms | little_cms_color_engine | 1.10 |
| littlecms | little_cms_color_engine | 1.11 |
| littlecms | little_cms_color_engine | 1.12 |
| littlecms | little_cms_color_engine | 1.13 |
| littlecms | little_cms_color_engine | 1.14 |
| littlecms | little_cms_color_engine | 1.15 |
| littlecms | little_cms_color_engine | 1.16 |
| littlecms | little_cms_color_engine | 1.17 |
| littlecms | little_cms_color_engine | 1.18 |
| littlecms | little_cms_color_engine | 1.19 |
| littlecms | little_cms_color_engine | 2.0 |
| littlecms | little_cms_color_engine | 2.1 |
| littlecms | little_cms_color_engine | 2.2 |
| littlecms | little_cms_color_engine | 2.3 |

𝑥 = Vulnerable software versions
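
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| lcms2 | bullseye | 2.12~rc1-2 | fixed |
| lcms2 | squeeze | | no-dsa |
| lcms2 | bookworm | 2.14-2 | fixed |
| lcms2 | sid | 2.16-2 | fixed |
| lcms2 | trixie | 2.16-2 | fixed |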
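
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| ghostscript | raring | Fixed 9.07~dfsg2-0ubuntu3.1 | released |
| ghostscript | quantal | | not-affected |
| ghostscript | precise | | not-affected |
| ghostscript | lucid | | not-affected |
| lcms | raring | | not-affected |
| lcms | quantal | | not-affected |
| lcms | precise | | not-affected |
| lcms | lucid | | not-affected |
| lcms2 | raring | Fixed 2.4-0ubuntu3.1 | released |
| lcms2 | quantal | Fixed 2.2+git20110628-2ubuntu4.1 | released |
| lcms2 | precise | Fixed 2.2+git20110628-2ubuntu3.1 | released |
| lcms2 | lucid | | dne |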