QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4160

Published: Jan 21, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20130718 CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2

mailing-list

x_refsource_MLIST

[distro-pkg-dev] 20130708 [SECURITY] IcedTea 2.4.1 for OpenJDK 7 Released!

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9

x_refsource_MISC

https://bugzilla.novell.com/show_bug.cgi?id=826097#c9

x_refsource_MISC

[oss-security] 20130722 Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.