Vulnerability Description
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Littlecms | Little Cms Color Engine | <= 1.19 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682 (Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00029.html
- http://www.openwall.com/lists/oss-security/2013/08/22/3 (Patch)
- http://www.securityfocus.com/bid/61607
- https://bugzilla.redhat.com/show_bug.cgi?id=991757 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=992975 (Patch)
- https://usn.ubuntu.com/3770-2/
FAQ
What is CVE-2013-4276?
CVE-2013-4276 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctran...
How severe is CVE-2013-4276?
CVE-2013-4276 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4276?
Check the references section above for vendor advisories and patch information. Affected products include: Littlecms Little Cms Color Engine.