Vulnerability Description
Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Argyllcms | Argyllcms | <= 1.3.7 |
| Color | Icclib | <= 2.11 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079762.html
- http://secunia.com/advisories/48921 (Vendor Advisory)
- http://secunia.com/advisories/49602 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201206-04.xml
- http://www.argyllcms.com/icc_readme.html
- http://www.osvdb.org/81617
- http://www.securityfocus.com/bid/53240
- https://bugzilla.redhat.com/show_bug.cgi?id=809697
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75162
FAQ
What is CVE-2012-1616?
CVE-2012-1616 is a vulnerability with a CVSS score of 9.3 (HIGH). Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code...
How severe is CVE-2012-1616?
CVE-2012-1616 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-1616?
Check the references section above for vendor advisories and patch information. Affected products include: Argyllcms Argyllcms, Color Icclib.