Denial of Service Vulnerability in Little CMS Used by OpenJDK
CVE-2013-4160
Currently unrated
What is CVE-2013-4160?
A vulnerability in Little CMS (lcms2) versions prior to 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service. Specifically, functions such as cmsStageAllocLabV2ToV4curves, cmsPipelineDup, cmsAllocProfileSequenceDescription, CurvesAlloc, and cmsnamed may trigger a NULL pointer dereference, which crashes the application. This issue underscores the importance of keeping software updated to mitigate potential attacks.
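
The bug class described above, as an added example that is not Little CMS source and not part of the original page: a hypothetical pipeline-duplication routine that dereferences an unchecked allocation result, next to a form that checks it. It assumes the dereference follows a failed internal allocation, which the page does not state; Stage, xalloc, alloc_budget and the pipeline_* functions are invented for illustration.

```c
#include <stdlib.h>

/* Hypothetical model, not lcms2 source: a pipeline is a linked list of stages. */
typedef struct Stage { int implements; struct Stage *next; } Stage;

/* Constructed fault injector: -1 never fails, N fails after N allocations. */
static int alloc_budget = -1;
static void *xalloc(size_t n) {
    if (alloc_budget == 0) return NULL;
    if (alloc_budget > 0) alloc_budget--;
    return calloc(1, n);
}

/* Copies one stage; returns NULL when the allocation fails. */
static Stage *stage_dup(const Stage *s) {
    Stage *c = xalloc(sizeof *c);
    if (c != NULL) c->implements = s->implements;
    return c;
}

void pipeline_free(Stage *head) {
    while (head != NULL) { Stage *n = head->next; free(head); head = n; }
}

/* Unchecked form (the bug class): crashes as soon as stage_dup returns NULL. */
Stage *pipeline_dup_unchecked(const Stage *src) {
    Stage *head = NULL, **tail = &head;
    for (; src != NULL; src = src->next) {
        Stage *c = stage_dup(src);
        c->next = NULL;              /* NULL pointer dereference when c == NULL */
        *tail = c; tail = &c->next;
    }
    return head;
}

/* Checked form: releases the partial copy and reports failure to the caller. */
Stage *pipeline_dup_checked(const Stage *src) {
    Stage *head = NULL, **tail = &head;
    for (; src != NULL; src = src->next) {
        Stage *c = stage_dup(src);
        if (c == NULL) { pipeline_free(head); return NULL; }
        *tail = c; tail = &c->next;
    }
    return head;
}
```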
