CVE-2013-4160
Published: 22 July 2013
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
Notes
Author | Note |
---|---|
jdstrand | OpenJDK issue 8007925 does not affect lcms (code not present); OpenJDK issue 8007926 does not affect lcms (code not present); OpenJDK issue 8007927 does not affect lcms (code not present); OpenJDK issue 8007929 does not affect lcms (code not present); OpenJDK issue 8009654 does not affect lcms (code not present) |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript Launchpad, Ubuntu, Debian | lucid | Not vulnerable (code not present) |
ghostscript | precise | Not vulnerable (code not present) |
ghostscript | quantal | Not vulnerable (code not present) |
ghostscript | raring | Released (9.07~dfsg2-0ubuntu3.1) |
ghostscript | upstream | Needs triage |
lcms Launchpad, Ubuntu, Debian | lucid | Not vulnerable (code-not-present) |
lcms | precise | Not vulnerable (code-not-present) |
lcms | quantal | Not vulnerable (code-not-present) |
lcms | raring | Not vulnerable (code-not-present) |
lcms | upstream | Needs triage |
lcms2 Launchpad, Ubuntu, Debian | lucid | Does not exist |
lcms2 | precise | Released (2.2+git20110628-2ubuntu3.1) |
lcms2 | quantal | Released (2.2+git20110628-2ubuntu4.1) |
lcms2 | raring | Released (2.4-0ubuntu3.1) |
lcms2 | upstream | Released (2.5) |
References
- https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
- https://bugzilla.novell.com/show_bug.cgi?id=826097#c9
- http://www.openwall.com/lists/oss-security/2013/07/22
- https://ubuntu.com/security/notices/USN-1911-1
- https://ubuntu.com/security/notices/USN-1911-2
- https://www.cve.org/CVERecord?id=CVE-2013-4160
- NVD
- Launchpad
- Debian