Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Little_cms_color_engine | Littlecms | 1.07 | 1.07 |
Little_cms_color_engine | Littlecms | 1.08 | 1.08 |
Little_cms_color_engine | Littlecms | 1.09 | 1.09 |
Little_cms_color_engine | Littlecms | 1.10 | 1.10 |
Little_cms_color_engine | Littlecms | 1.11 | 1.11 |
Little_cms_color_engine | Littlecms | 1.12 | 1.12 |
Little_cms_color_engine | Littlecms | 1.13 | 1.13 |
Little_cms_color_engine | Littlecms | 1.14 | 1.14 |
Little_cms_color_engine | Littlecms | 1.15 | 1.15 |
Little_cms_color_engine | Littlecms | 1.16 | 1.16 |
Little_cms_color_engine | Littlecms | 1.17 | 1.17 |
Little_cms_color_engine | Littlecms | 1.18 | 1.18 |
Little_cms_color_engine | Littlecms | 1.19 | 1.19 |
Little_cms_color_engine | Littlecms | 2.0 | 2.0 |
Little_cms_color_engine | Littlecms | 2.1 | 2.1 |
Little_cms_color_engine | Littlecms | 2.2 | 2.2 |
Little_cms_color_engine | Littlecms | 2.3 | 2.3 |
Little_cms_color_engine | Littlecms | * | 2.4 |
Ghostscript | Ubuntu | devel | * |
Ghostscript | Ubuntu | raring | * |
Lcms2 | Ubuntu | precise | * |
Lcms2 | Ubuntu | quantal | * |
Lcms2 | Ubuntu | raring | * |
Lcms2 | Ubuntu | upstream | * |