CVE-2013-4276
Published: 28 September 2013
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
Notes
Author | Note |
---|---|
jdstrand | ghostscript 9.07 in Ubuntu 13.04+ uses an embedded copy of lcms2 |
Priority
Status
Package | Release | Status |
---|---|---|
ghostscript | artful | Not vulnerable |
ghostscript | bionic | Not vulnerable |
ghostscript | cosmic | Not vulnerable |
ghostscript | disco | Not vulnerable |
ghostscript | lucid | Not vulnerable (code not present) |
ghostscript | precise | Not vulnerable (code not present) |
ghostscript | quantal | Not vulnerable (code not present) |
ghostscript | raring | Not vulnerable |
ghostscript | saucy | Not vulnerable |
ghostscript | trusty | Does not exist (trusty was not-affected) |
ghostscript | upstream | Not vulnerable |
ghostscript | utopic | Not vulnerable |
ghostscript | vivid | Not vulnerable |
ghostscript | wily | Not vulnerable |
ghostscript | xenial | Not vulnerable |
ghostscript | yakkety | Not vulnerable |
ghostscript | zesty | Not vulnerable |
lcms | artful | Does not exist |
lcms | bionic | Does not exist |
lcms | cosmic | Does not exist |
lcms | disco | Does not exist |
lcms | lucid | Ignored (reached end-of-life) |
lcms | precise | Ignored (reached end-of-life) |
lcms | quantal | Ignored (reached end-of-life) |
lcms | raring | Ignored (reached end-of-life) |
lcms | saucy | Ignored (reached end-of-life) |
lcms | trusty | Does not exist (trusty was needed) |
lcms | upstream | Ignored (reached end-of-life) |
lcms | utopic | Ignored (reached end-of-life) |
lcms | vivid | Does not exist |
lcms | wily | Does not exist |
lcms | xenial | Does not exist |
lcms | yakkety | Does not exist |
lcms | zesty | Does not exist |
lcms2 | artful | Not vulnerable |
lcms2 | bionic | Not vulnerable |
lcms2 | cosmic | Not vulnerable |
lcms2 | disco | Not vulnerable |
lcms2 | lucid | Does not exist |
lcms2 | precise | Not vulnerable |
lcms2 | quantal | Not vulnerable |
lcms2 | raring | Not vulnerable |
lcms2 | saucy | Not vulnerable |
lcms2 | trusty | Not vulnerable |
lcms2 | upstream | Not vulnerable |
lcms2 | utopic | Not vulnerable |
lcms2 | vivid | Not vulnerable |
lcms2 | wily | Not vulnerable |
lcms2 | xenial | Not vulnerable |
lcms2 | yakkety | Not vulnerable |
lcms2 | zesty | Not vulnerable |

Patches (lcms): vendor: https://bugzilla.redhat.com/attachment.cgi?id=783274&action=diff

This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276
- http://www.openwall.com/lists/oss-security/2013/08/22/3
- https://bugzilla.redhat.com/show_bug.cgi?id=991757
- https://bugzilla.redhat.com/show_bug.cgi?id=992975
- https://ubuntu.com/security/notices/USN-3770-2
- NVD
- Launchpad
- Debian