Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Little_cms_color_engine | Littlecms | 2.2 | 2.2 |
Little_cms_color_engine | Littlecms | 2.0 | 2.0 |
Little_cms_color_engine | Littlecms | 2.1 | 2.1 |
Little_cms_color_engine | Littlecms | 2.4 | 2.4 |
Little_cms_color_engine | Littlecms | 2.5 | 2.5 |
Little_cms_color_engine | Littlecms | 2.3 | 2.3 |