CVE-2013-7455 - Double Free Remote Code Execution vulnerability in Little CMS

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, littlecms, critical, nessus

Summary

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. CWE-415: Double Free (http://cwe.mitre.org/data/definitions/415.html)

Nessus

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2961-1.NASL
description: It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 90916
published: 2016-05-05
reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/90916
title: Ubuntu 14.04 LTS : lcms2 vulnerability (USN-2961-1)