CVE-2013-4160

Published: 21/01/2014 Updated: 22/01/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Little CMS (lcms2) prior to 2.5, as used in OpenJDK 7 and possibly other products, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

Vulnerable Product

littlecms little cms color engine 1.13

littlecms little cms color engine 1.12

littlecms little cms color engine 1.11

littlecms little cms color engine 1.19

littlecms little cms color engine 1.18

littlecms little cms color engine 2.2

littlecms little cms color engine 2.3

littlecms little cms color engine

littlecms little cms color engine 1.10

littlecms little cms color engine 1.09

littlecms little cms color engine 1.16

littlecms little cms color engine 1.14

littlecms little cms color engine 1.07

littlecms little cms color engine 2.1

littlecms little cms color engine 1.17

littlecms little cms color engine 1.15

littlecms little cms color engine 1.08

littlecms little cms color engine 2.0

Vendor Advisories

Debian Bug report logs - #714529 lcms2 needs security updates found in the last openjdk-7 security updates (CVE-2013-4160) Package: lcms2; Maintainer for lcms2 is Thomas Weber <tweber@debian.org>; Reported by: Matthias Klose <doko@debian.org>; Date: Sun, 30 Jun 2013 13:36:17 UTC; Severity: serious; Tags: fixed, jessie, ...
Debian Bug report logs - #718682 liblcms1: CVE-2013-4276: Buffer overflows in Little CMS v1.19 Package: liblcms1; Maintainer for liblcms1 is (unknown); Reported by: Pedro R <pedrib@gmail.com>; Date: Sun, 4 Aug 2013 09:39:02 UTC; Severity: grave; Tags: patch, security, upstream; Found in version 119; Fixed in version lcms/11 ...
Ghostscript could be made to crash if it opened a specially crafted file ...
Little CMS could be made to crash if it opened a specially crafted file ...