Vulnerability Details : CVE-2013-7455
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2013-7455
- cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7455
- EPSS score: 2.98% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-7455
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2013-7455
- http://www.kb.cert.org/vuls/id/369800
  VU#369800 - Little CMS 2 DefaultICCintents double-free vulnerability (Third Party Advisory; US Government Resource)
- http://www.ubuntu.com/usn/USN-2961-1
  USN-2961-1: Little CMS vulnerability | Ubuntu security notices
- https://penteston.com/OSVDB-105462
- https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
  Fix a double free on error recovering · mm2/Little-CMS@fefaaa4 · GitHub