Описание
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | gs uses system liblcms2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [gs uses system liblcms2]] |
| esm-infra/xenial | not-affected | gs uses system liblcms2 |
| precise | not-affected | code not present |
| trusty | not-affected | gs uses system liblcms2 |
| trusty/esm | DNE | trusty was not-affected [gs uses system liblcms2] |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | gs uses system liblcms2 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.5 only |
| esm-infra-legacy/trusty | released | 2.5-0ubuntu4.1 |
| esm-infra/xenial | not-affected | 2.5 only |
| precise | not-affected | 2.5 only |
| trusty | released | 2.5-0ubuntu4.1 |
| trusty/esm | released | 2.5-0ubuntu4.1 |
| upstream | released | 2.6 |
| vivid/stable-phone-overlay | not-affected | 2.5 only |
| vivid/ubuntu-core | DNE | |
| wily | not-affected | 2.5 only |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Double free vulnerability in the DefaultICCintents function in cmscnvr ...
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3