Vulnerabilities > CVE-2013-7455 - Unspecified vulnerability in Littlecms Little CMS Color Engine

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
littlecms
critical
nessus

Summary

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

Nessus

NASL familyUbuntu Local Security Checks
NASL idUBUNTU_USN-2961-1.NASL
descriptionIt was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen2020-06-01
modified2020-06-02
plugin id90916
published2016-05-05
reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/90916
titleUbuntu 14.04 LTS : lcms2 vulnerability (USN-2961-1)