CVE Vulnerabilities

CVE-2013-4160

Published: Jan 21, 2014 | Modified: Jan 22, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
4.6 MODERATE
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

Affected Software

Name Vendor Start Version End Version
Little_cms_color_engine Littlecms 1.07 1.07
Little_cms_color_engine Littlecms 1.08 1.08
Little_cms_color_engine Littlecms 1.09 1.09
Little_cms_color_engine Littlecms 1.10 1.10
Little_cms_color_engine Littlecms 1.11 1.11
Little_cms_color_engine Littlecms 1.12 1.12
Little_cms_color_engine Littlecms 1.13 1.13
Little_cms_color_engine Littlecms 1.14 1.14
Little_cms_color_engine Littlecms 1.15 1.15
Little_cms_color_engine Littlecms 1.16 1.16
Little_cms_color_engine Littlecms 1.17 1.17
Little_cms_color_engine Littlecms 1.18 1.18
Little_cms_color_engine Littlecms 1.19 1.19
Little_cms_color_engine Littlecms 2.0 2.0
Little_cms_color_engine Littlecms 2.1 2.1
Little_cms_color_engine Littlecms 2.2 2.2
Little_cms_color_engine Littlecms 2.3 2.3
Little_cms_color_engine Littlecms * 2.4
Ghostscript Ubuntu devel *
Ghostscript Ubuntu raring *
Lcms2 Ubuntu precise *
Lcms2 Ubuntu quantal *
Lcms2 Ubuntu raring *
Lcms2 Ubuntu upstream *

References