Home  >  CVE-2013-7455
CVE Details for CVE: CVE-2013-7455
Summary
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Timestamps
Last major update 01-12-2016 - 02:59
Published 07-05-2016 - 10:59
Last modified 01-12-2016 - 02:59
References
Vulnerable Configurations
  • cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
CVSS3
Base
9.8
Impact
5.9
Exploitability
3.9
Access
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE UNCHANGED NONE
Impact
ConfidentialityIntegrityAvailability
HIGH HIGH HIGH
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss3-vector via4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
refmap via4
cert-vn VU#369800
confirm https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
misc https://penteston.com/OSVDB-105462
ubuntu USN-2961-1