Published: 07/05/2016 Updated: 01/12/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x prior to 2.6 allows remote malicious users to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

Vulnerable Product	Search on Vulmon	Subscribe to Product
littlecms little cms color engine 2.0
littlecms little cms color engine 2.5
littlecms little cms color engine 2.2
littlecms little cms color engine 2.1
littlecms little cms color engine 2.4
littlecms little cms color engine 2.3

Applications using the Little CMS library could be made to crash or run programs as your login if it opened a specially crafted file ...

Double free vulnerability in the DefaultICCintents function in cmscnvrtc in liblcms2 in Little CMS 2x before 26 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler ...

NVD-CWE-Other http://www.kb.cert.org/vuls/id/369800 https://penteston.com/OSVDB-105462 https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db http://www.ubuntu.com/usn/USN-2961-1 https://usn.ubuntu.com/2961-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/369800

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-7455

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect