Vulnerability Details CVE-2013-7455
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.152
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://www.kb.cert.org/vuls/id/369800
- http://www.ubuntu.com/usn/USN-2961-1
- https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
- https://penteston.com/OSVDB-105462
- http://www.kb.cert.org/vuls/id/369800
- http://www.ubuntu.com/usn/USN-2961-1
- https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
- https://penteston.com/OSVDB-105462
Products affected by CVE-2013-7455
-
cpe:2.3:a:littlecms:little_cms_color_engine:2.0
-
cpe:2.3:a:littlecms:little_cms_color_engine:2.1
-
cpe:2.3:a:littlecms:little_cms_color_engine:2.2
-
cpe:2.3:a:littlecms:little_cms_color_engine:2.3
-
cpe:2.3:a:littlecms:little_cms_color_engine:2.4
-
cpe:2.3:a:littlecms:little_cms_color_engine:2.5