Fluid Attacks Database

Description

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	lcms2	>=0 <2.6-1	2.6-1
debian 13	lcms2	>=0 <2.6-1	2.6-1
debian 14	lcms2	>=0 <2.6-1	2.6-1
debian 11	lcms2	>=0 <2.6-1	2.6-1

Aliases

1. CVE-2013-74552. NVD-2013-74553. OSV-DEBIAN-2013-74554. OSV-2013-74555. SECURITY-TRACKER-CVE-2013-7455

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.