10 - VU#369800

Executive Summary

Summary
Title	Little CMS 2 DefaultICCintents double-free vulnerability

Informations
Name	VU#369800	First vendor Publication	2016-05-04
Vendor	VU-CERT	Last vendor Modification	2016-05-04
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#369800

Little CMS 2 DefaultICCintents double-free vulnerability

Original Release date: 04 May 2016 | Last revised: 04 May 2016

Overview

Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

Little CMS is an open-source color management engine that supports the International Color Consortium (ICC) standard. Little CMS 2.5 and earlier 2.x versions (liblcms2) contain a double-free vulnerability in the DefaultICCintents() function, which is provided in cmscnvrt.c. When the "Lut" cmsPipeline object is freed more than once, this can result in an exploitable memory corruption situation.

Although this issue was addressed in 2013, it was not assigned a CVE identifier at that time. Because of this, some vendors may not have upgraded liblcms2 to a version that contains the fix for this vulnerability.

Impact

By causing an application to process a malformed ICC profile, a remote, unauthenticated attacker may be able to cause arbitrary code execution with the privileges of the application that uses the Little CMS library. Exploitability of the vulnerability depends on how the application uses liblcms2 and what capabilities are exposed to an attacker.

Solution

Apply an update

This issue is resolved in Little CMS 2.6. Please check with your vendor for update availability.

Vendor Information (Learn More)

Vendor	Status	Date Notified	Date Updated
Arch Linux	Affected	29 Apr 2016	03 May 2016
CentOS	Affected	29 Apr 2016	04 May 2016
Debian GNU/Linux	Affected	29 Apr 2016	04 May 2016
Fedora Project	Affected	29 Apr 2016	04 May 2016
Gentoo Linux	Affected	29 Apr 2016	04 May 2016
openSUSE project	Affected	29 Apr 2016	04 May 2016
Red Hat, Inc.	Affected	29 Apr 2016	04 May 2016
Slackware Linux Inc.	Affected	29 Apr 2016	04 May 2016
SUSE Linux	Affected	29 Apr 2016	04 May 2016
Turbolinux	Affected	29 Apr 2016	04 May 2016
Ubuntu	Affected	29 Apr 2016	04 May 2016
Arista Networks, Inc.	Not Affected	29 Apr 2016	02 May 2016
Lenovo	Not Affected	02 May 2016	03 May 2016
Apple	Unknown	29 Apr 2016	29 Apr 2016
CoreOS	Unknown	29 Apr 2016	29 Apr 2016

If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group	Score	Vector
Base	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal	7.4	E:U/RL:OF/RC:C
Environmental	7.4	CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

http://www.littlecms.com/
https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b
https://penteston.com/OSVDB-105462
http://www.ubuntu.com/usn/usn-2961-1/

Credit

This vulnerability was corrected in 2013 by Marti Maria, and was independently discovered by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

CVE IDs:CVE-2013-7455
Date Public:10 Jul 2013
Date First Published:04 May 2016
Date Last Updated:04 May 2016
Document Revision:15

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/369800

CPE : Common Platform Enumeration

Type	Description	Count
Application	Littlecms Little Cms Color Engine cpe:2.3:a:littlecms:little_cms_color_engine:2.5:::::::* cpe:2.3:a:littlecms:little_cms_color_engine:2.4:::::::* cpe:2.3:a:littlecms:little_cms_color_engine:2.3:::::::* cpe:2.3:a:littlecms:little_cms_color_engine:2.2:::::::* cpe:2.3:a:littlecms:little_cms_color_engine:2.1:::::::* cpe:2.3:a:littlecms:little_cms_color_engine:2.0:::::::*	6

Nessus® Vulnerability Scanner

Date	Description
2016-05-05	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2961-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-05-10 17:35:41	Multiple Updates
2016-05-07 17:34:41	Multiple Updates
2016-05-05 00:35:22	Multiple Updates
2016-05-05 00:25:18	Multiple Updates
2016-05-04 21:27:05	First insertion

Global Informations

Type	Count
CPE ID(s)	6
Nessus® Exploit(s)	1

	Related
10	USN-2961-1
9.8	CVE-2013-7455
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)