CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.029 Low (Percentile: 90.7%)

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms)
1.19 and earlier allow remote attackers to cause a denial of service
(crash) via a crafted (1) ICC color profile to the icctrans utility or (2)
TIFF image to the tiffdiff utility.
Author | Note |
---|---|
jdstrand | ghostscript 9.07 in Ubuntu 13.04+ uses an embedded copy of lcms2 |
www.openwall.com/lists/oss-security/2013/08/22/3
bugzilla.redhat.com/show_bug.cgi?id=991757
bugzilla.redhat.com/show_bug.cgi?id=992975
launchpad.net/bugs/cve/CVE-2013-4276
nvd.nist.gov/vuln/detail/CVE-2013-4276
security-tracker.debian.org/tracker/CVE-2013-4276
ubuntu.com/security/notices/USN-3770-2
www.cve.org/CVERecord?id=CVE-2013-4276