CERT Coordination Center

Little CMS 2 DefaultICCintents double-free vulnerability

Vulnerability Note VU#369800

Original Release Date: 2016-05-04 | Last Revised: 2016-05-04

Overview

Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Little CMS is an open-source color management engine that supports the International Color Consortium (ICC) standard. Little CMS 2.5 and earlier 2.x versions (liblcms2) contain a double-free vulnerability in the DefaultICCintents() function, which is provided in cmscnvrt.c. When the "Lut" cmsPipeline object is freed more than once, this can result in an exploitable memory corruption situation.
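The bug class described above, as an added illustration that is not Little CMS source code: a loop releases a per-iteration object, and a later error path releases the same stale pointer again. The Pipeline type, the static pool and build() are hypothetical, the loop shape is an assumption about how such a bug can arise, and a counter stands in for a real free() so the repeated release is observable instead of corrupting the heap.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a pipeline object; NOT the Little CMS type. */
typedef struct { int released; } Pipeline;

static Pipeline pool[8];       /* static pool: a repeated release is counted, not UB */
static size_t used;
static int double_releases;

static Pipeline *pipe_new(void) {
    if (used == sizeof pool / sizeof pool[0]) return NULL;
    pool[used].released = 0;
    return &pool[used++];
}

static void pipe_release(Pipeline *p) {
    if (p == NULL) return;                            /* releasing NULL is a no-op */
    if (p->released) { double_releases++; return; }   /* a real free() would corrupt the heap */
    p->released = 1;
}

/* Builds `stages` stages; stage `fail_at` fails before its object is created
   (pass -1 for no failure). Returns the number of repeated releases observed. */
static int build(int stages, int fail_at, int hardened) {
    Pipeline *lut = NULL;
    used = 0;
    double_releases = 0;
    for (int i = 0; i < stages; i++) {
        if (i == fail_at) goto error;   /* failure before lut is reassigned */
        lut = pipe_new();
        if (lut == NULL) goto error;
        /* ... the stage would be appended to the result here ... */
        pipe_release(lut);              /* released at the end of every iteration */
        if (hardened) lut = NULL;       /* fix: drop the stale pointer after release */
    }
    return double_releases;
error:
    pipe_release(lut);                  /* unhardened: lut may still point at a released object */
    return double_releases;
}

int main(void) {
    printf("unhardened: %d repeated release(s)\n", build(3, 1, 0));
    printf("hardened:   %d repeated release(s)\n", build(3, 1, 1));
    return 0;
}
```

Compiling real code with AddressSanitizer (-fsanitize=address) reports the same condition as an "attempting double-free" error at the second release.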

Although this issue was addressed in 2013, it was not assigned a CVE identifier at that time. Because of this, some vendors may not have upgraded liblcms2 to a version that contains the fix for this vulnerability.

Impact

By causing an application to process a malformed ICC profile, a remote, unauthenticated attacker may be able to cause arbitrary code execution with the privileges of the application that uses the Little CMS library. Exploitability of the vulnerability depends on how the application uses liblcms2 and what capabilities are exposed to an attacker.

Solution

Apply an update

This issue is resolved in Little CMS 2.6. Please check with your vendor for update availability.

Vendor Information



CVSS Metrics

Group          Score  Vector
Base           10     AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal       7.4    E:U/RL:OF/RC:C
Environmental  7.4    CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

Acknowledgements

This vulnerability was corrected in 2013 by Marti Maria, and was independently discovered by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2013-7455
Date Public: 2013-07-10
Date First Published: 2016-05-04
Date Last Updated: 2016-05-04 21:07 UTC
Document Revision: 17

Sponsored by CISA.