fkie_cve-2013-4160
Vulnerability from fkie_nvd
Published
2014-01-21 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F816A42-21C7-4BC4-AAC9-5373366128B1",
"versionEndIncluding": "2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E1F2A4-2D67-4442-991B-BDD66DFD0A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "57F07310-A04B-49F3-B0F8-3B2BD1A70555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "F433BC9D-C6B2-446D-976C-7A4BB4F2F668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F153ED4-BC68-44F1-A8E6-284FDCD4D7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7287F9F3-504E-4DB7-B189-B11DB0A9890C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0D086B58-D972-461D-A7D3-F12CDFD3845E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F21DB4-D8CA-48F0-9EFE-4F1D90108663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "041BE71F-DCDC-47A7-8FF5-1B9A97FDB324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "650BF28E-8D28-45C0-99C2-D6B78AA9BE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF93C4A-D7FD-4DCB-BC46-2E43E644CA47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3D3FD4-37CD-41E8-B206-CC3A2F01C0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "82B95E7A-909A-4C93-A4EF-CE9E9709CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "EB31D244-CEE0-4E5F-813C-3AA850349D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A95BCF6-024D-437A-B63C-5C164344D3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "196E282E-A45A-4E3A-B66D-CC4ED40F2610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA931F1-E407-471D-97EA-758CE2B535F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97D2A8BE-7090-4473-9FAA-DBA6E3C5C241",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed."
},
{
"lang": "es",
"value": "Little CMS (lcms2) anterior a la versi\u00f3n 2.5, tal como se usa en OpenJDK 7 y posiblemente otros productos, permite a a atacantes remotos provocar una denegaci\u00f3n de servicio (dereferencia a puntero nulo y ca\u00edda) a trav\u00e9s de vectores relacionados con (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, y (5) cmsnamed."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html \"CWE-476: NULL Pointer Dereference\"",
"id": "CVE-2013-4160",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-21T18:55:09.537",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/07/18/7"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2013/07/22/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1911-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/07/18/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/07/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1911-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=826097#c9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…