CVE-2013-4276

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.

Published: Sep 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4276
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
littlecms / little_cms_color_engine	1.15	1.15.x
littlecms / little_cms_color_engine	1.12	1.12.x
littlecms / little_cms_color_engine	-	1.19.x
littlecms / little_cms_color_engine	1.13	1.13.x
littlecms / little_cms_color_engine	1.11	1.11.x
littlecms / little_cms_color_engine	1.08	1.08.x
littlecms / little_cms_color_engine	1.18	1.18.x
littlecms / little_cms_color_engine	1.10	1.10.x
littlecms / little_cms_color_engine	1.09	1.09.x
littlecms / little_cms_color_engine	1.16	1.16.x
littlecms / little_cms_color_engine	1.17	1.17.x
littlecms / little_cms_color_engine	1.07	1.07.x
littlecms / little_cms_color_engine	1.14	1.14.x

Vulnerability Database

289,599

CVE-2013-4276