Published: 17/05/2007 Updated: 29/07/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in Little CMS (lcms) prior to 1.15 allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
littlecms lcms 1.07
littlecms lcms 1.13
littlecms lcms
littlecms lcms 1.11
littlecms lcms 1.12
littlecms lcms 1.08
littlecms lcms 1.09
littlecms lcms 1.10

Chris Evans discovered that certain ICC operations in lcms were not correctly bounds-checked If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could crash applications linked against liblcms1, leading to a denial of service, or possibly execute arbitrary code with user privileges ...

CWE-119 http://scary.beasts.org/security/CESA-2007-001.html http://www.securityfocus.com/bid/24001 http://secunia.com/advisories/25294 http://www.mandriva.com/security/advisories?name=MDKSA-2007:238 http://www.novell.com/linux/security/advisories/2007_24_sr.html http://secunia.com/advisories/27756 http://www.ubuntu.com/usn/usn-652-1 http://secunia.com/advisories/32282 http://www.vupen.com/english/advisories/2007/1837 http://osvdb.org/36179 https://exchange.xforce.ibmcloud.com/vulnerabilities/34331 https://usn.ubuntu.com/652-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2741

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect