Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Little CMS is an open-source color management engine that supports the International Color Consortium (ICC) standard. Little CMS 2.5 and earlier 2.x versions (liblcms2) contain a double-free vulnerability in the DefaultICCintents() function, which is provided in cmscnvrt.c. When the "Lut" cmsPipeline object is freed more than once, this can result in an exploitable memory corruption situation.
Although this issue was addressed in 2013, it was not assigned a CVE identifier at that time. Because of this, some vendors may not have upgraded liblcms2 to a version that contains the fix for this vulnerability.
By causing an application to process a malformed ICC profile, a remote, unauthenticated attacker may be able to cause arbitrary code execution with the privileges of the application that uses the Little CMS library. Exploitability of the vulnerability depends on how the application uses liblcms2 and what capabilities are exposed to an attacker.
Apply an update
Arch Linux Affected
Debian GNU/Linux Affected
Fedora Project Affected
Gentoo Linux Affected
Red Hat, Inc. Affected
SUSE Linux Affected
Slackware Linux Inc. Affected
openSUSE project Affected
Arista Networks, Inc. Not Affected
Lenovo Not Affected
DragonFly BSD Project Unknown
EMC Corporation Unknown
F5 Networks, Inc. Unknown
FreeBSD Project Unknown
Hardened BSD Unknown
Hewlett Packard Enterprise Unknown
IBM Corporation Unknown
Juniper Networks Unknown
Microsoft Corporation Unknown
NEC Corporation Unknown
Openwall GNU/*/Linux Unknown
Oracle Corporation Unknown
QNX Software Systems Inc. Unknown
Sony Corporation Unknown
This vulnerability was corrected in 2013 by Marti Maria, and was independently discovered by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2016-05-04|
|Date Last Updated:||2016-05-04 21:07 UTC|