CVE-2013-7455
CRITICAL
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
Published: May 7, 2016
Modified: May 6, 2026
CVSS Metrics
CVSSv3
| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (6)
| Vendor | Product | Version |
|---|---|---|
| littlecms | little_cms_color_engine | 2.0 |
| littlecms | little_cms_color_engine | 2.1 |
| littlecms | little_cms_color_engine | 2.2 |
| littlecms | little_cms_color_engine | 2.3 |
| littlecms | little_cms_color_engine | 2.4 |
| littlecms | little_cms_color_engine | 2.5 |
GitHub Security Advisory GHSA-wv94-377g-rv89
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little...
References (4)
- http://www.kb.cert.org/vuls/id/369800 (Third Party Advisory, US Government Resource)
- http://www.ubuntu.com/usn/USN-2961-1
- https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db
- https://penteston.com/OSVDB-105462
Risk Scores
| Score | Value |
|---|---|
| CVSS Score | 9.8 / 10 |
| EPSS Score | 6.23% (Top 7% most likely to be exploited) |
| Threat Score | 41.1 / 100 |

Data Sources: NVD, EPSS, GitHub