CVE-2013-4276
Gentoo Linux Security Advisory 201412-46
13 Public Exploits
0 Exploited in Wild
Descriptions
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
Multiple stack buffer overflow vulnerabilities in LittleCMS (also known as lcms or liblcms) 1.19 and earlier allow a remote attacker to cause a denial of service (crash) via (1) a crafted ICC color profile in the icctrans utility, or (2) a crafted TIFF image in the tiffdiff utility.
USN-3770-1 fixed a vulnerability in Little CMS. This update provides the corresponding update for Ubuntu 12.04 ESM. Pedro Ribeiro discovered that Little CMS incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
Timeline
- 2013-06-12 CVE Reserved
- 2013-08-27 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (8)