Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4160

Опубликовано: 21 янв. 2014
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

Комментарий

Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference"

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*
Версия до 2.4 (включая)
cpe:2.3:a:littlecms:little_cms_color_engine:1.07:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.08:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.09:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.10:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.11:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.12:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.13:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.14:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.15:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.16:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.17:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.18:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:1.19:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01102
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2013-4160

ubuntu
около 12 лет назад

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

redhat логотип

CVE-2013-4160

redhat
больше 12 лет назад

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

debian логотип

CVE-2013-4160

debian
около 12 лет назад

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...

github логотип

GHSA-6pgf-c4h7-m3qm

github
больше 3 лет назад

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.

EPSS

Процентиль: 78%
0.01102
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other