Jump to:

CVE-2013-7455

Jump to:

CVE-2013-7455

Package liblcms2 updated to version 2.6-alt1 for branch sisyphus in task 119331.

Published: 2016-05-07
Modified: 2024-11-21

CVE-2013-7455

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

VU#369800
VU#369800
USN-2961-1
USN-2961-1
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
https://penteston.com/OSVDB-105462
https://penteston.com/OSVDB-105462

Version: 2.1.0

Package liblcms2 update in sisyphus on 2014-05-07

ALT-PU-2014-1596-1

Closed vulnerabilities

CVE-2013-7455