CVE-2013-4160
Description
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
Risk Information
Base Score
7.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.102
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Little CMS 2 color management library (USN-1911-1) liblcms2-2_2.2+git20110628-2ubuntu3.1_i386.deb | Linux |
| Little CMS 2 color management library (USN-1911-1) liblcms2-2_2.2+git20110628-2ubuntu3.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234