CVE-2013-7455 (retired)

Priority
Description
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c
in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute
arbitrary code via a malformed ICC profile that triggers an error in the
default intent handler.
Ubuntu-Description
It was discovered that a double free() could occur when the intent
handling code in the Little CMS library detected an error. An
attacker could use this to specially craft a file that caused an
application using the Little CMS library to crash or possibly
execute arbitrary code.
Notes
 jdstrand> ghostscript 9.07 in Ubuntu 13.04+ uses an embedded copy of lcms2
 sbeattie> affects lcms2 2.5 only
Assigned-to
sbeattie
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (gs uses system liblcms2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (gs uses system liblcms2)
Package
Source: lcms2 (LP Ubuntu Debian)
Upstream:released (2.6)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.5-0ubuntu4.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.5 only)
More Information

Updated: 2019-03-26 12:11:48 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)