CVE-2013-7455

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
littlecmslittle_cms_color_engine
2.0
littlecmslittle_cms_color_engine
2.1
littlecmslittle_cms_color_engine
2.2
littlecmslittle_cms_color_engine
2.3
littlecmslittle_cms_color_engine
2.4
littlecmslittle_cms_color_engine
2.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lcms2
bullseye
2.12~rc1-2
fixed
wheezy
not-affected
bookworm
2.14-2
fixed
sid
2.16-2
fixed
trixie
2.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
xenial
not-affected
wily
not-affected
trusty
dne
precise
not-affected
lcms2
xenial
not-affected
wily
not-affected
trusty
Fixed 2.5-0ubuntu4.1
released
precise
not-affected
References
http://www.kb.cert.org/vuls/id/369800
http://www.ubuntu.com/usn/USN-2961-1
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
https://penteston.com/OSVDB-105462
http://www.kb.cert.org/vuls/id/369800
http://www.ubuntu.com/usn/USN-2961-1
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
https://penteston.com/OSVDB-105462