CVE-2013-4160

Littlecms Little Cms Color Engine < 2.4 - Denial of Service

Title source: rule
STIX 2.1

Description

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/07/18/7
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1911-1
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/07/22/1

Scores

EPSS 0.0110
EPSS Percentile 78.2%

Details

Status published
Products (18)
littlecms/little_cms_color_engine 1.07
littlecms/little_cms_color_engine 1.08
littlecms/little_cms_color_engine 1.09
littlecms/little_cms_color_engine 1.10
littlecms/little_cms_color_engine 1.11
littlecms/little_cms_color_engine 1.12
littlecms/little_cms_color_engine 1.13
littlecms/little_cms_color_engine 1.14
littlecms/little_cms_color_engine 1.15
littlecms/little_cms_color_engine 1.16
... and 8 more
Published Jan 21, 2014
Tracked Since Feb 18, 2026