CVE-2013-4160

2013-07-2200:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.6%

JSON

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other
products, allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) via vectors related to (1)
cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3)
cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714529>

Notes

Author	Note
jdstrand	OpenJDK issue 8007925 does not affect lcms (code not present) OpenJDK issue 8007926 does not affect lcms (code not present) OpenJDK issue 8007927 does not affect lcms (code not present) OpenJDK issue 8007929 does not affect lcms (code not present) OpenJDK issue 8009654 does not affect lcms (code not present)

OSVersionArchitecturePackageVersionFilename
ubuntu13.04noarchghostscript< 9.07~dfsg2-0ubuntu3.1UNKNOWN
ubuntu12.04noarchlcms2< 2.2+git20110628-2ubuntu3.1UNKNOWN
ubuntu12.10noarchlcms2< 2.2+git20110628-2ubuntu4.1UNKNOWN
ubuntu13.04noarchlcms2< 2.4-0ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	13.04	noarch	ghostscript	< 9.07~dfsg2-0ubuntu3.1	UNKNOWN
ubuntu	12.04	noarch	lcms2	< 2.2+git20110628-2ubuntu3.1	UNKNOWN
ubuntu	12.10	noarch	lcms2	< 2.2+git20110628-2ubuntu4.1	UNKNOWN
ubuntu	13.04	noarch	lcms2	< 2.4-0ubuntu3.1	UNKNOWN