Bug 985137 (CVE-2013-4160) - CVE-2013-4160 Little CMS: multiple potential flaws
Summary: CVE-2013-4160 Little CMS: multiple potential flaws
Status: CLOSED NOTABUG
Alias: CVE-2013-4160
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20130620,repor...
Keywords: Reopened, Security
Depends On: 985140 987241 1024448
Blocks: 985138
Reported: 2013-07-16 22:28 UTC by Vincent Danen
Modified: 2017-05-26 07:37 UTC (History)
Last Closed: 2017-05-26 07:37:35 UTC



Description Vincent Danen 2013-07-16 22:28:26 UTC
A SUSE bug report [1] noted a number of potential flaws in lcms2 that were fixed in version 2.5.  The changelog indicates:

* Added some checks for non-happy path, mostly failing mallocs

which was fixed via https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9, however Stanislav looked at other changes between 2.4 and 2.5 and found some others that were suspect and could have potential security impact:

https://github.com/mm2/Little-CMS/commit/b0d5ffd4ad91cf8683ee106f13742db3dc66599a
https://github.com/mm2/Little-CMS/commit/06d4557477e7ab3330a24d69af4c67adcac9acdf
https://github.com/mm2/Little-CMS/commit/41d222df1bc6188131a8f46c32eab0a4d4cdf1b6
https://github.com/mm2/Little-CMS/commit/b0d5ffd4ad91cf8683ee106f13742db3dc66599a
https://github.com/mm2/Little-CMS/commit/9cf2d61867375f867e6e80906a571d222bc2cbf3
https://github.com/mm2/Little-CMS/commit/049d634ea6bf2a9bafbf9ddef18464be9caa567f
https://github.com/mm2/Little-CMS/commit/03f784fe8d5eaf8353e8521799a301b8a188388c
https://github.com/mm2/Little-CMS/commit/d2d902b9a03583ae482c782b2f243f7e5268a47d
https://github.com/mm2/Little-CMS/commit/c606462eda773b1cdd51dcfebd81fc8862652c51
https://github.com/mm2/Little-CMS/commit/65e2f1df3495edc984f7e0d7b7b24e29d851e240
https://github.com/mm2/Little-CMS/commit/886e2f524268efe8a1c3aa838c28e446fda24486
https://github.com/mm2/Little-CMS/commit/5d98f40ed58f6e8eb9aee6dd2d9467bbc8551ee7

It is probably advisable for Fedora to bump to version 2.5 if possible, or apply the above patches to the currently-shipping 2.4 version.


[1] https://bugzilla.novell.com/show_bug.cgi?id=826097

Comment 2 Vincent Danen 2013-07-22 18:39:39 UTC
This was assigned CVE-2013-4160:

http://openwall.com/lists/oss-security/2013/07/22/1

Comment 3 Huzaifa S. Sidhpurwala 2013-07-23 04:16:11 UTC
Created lcms2 tracking bugs for this issue:

Affects: fedora-all [bug 987241]

Comment 5 Vincent Danen 2013-10-29 16:38:46 UTC
This also affects lcms2 in EPEL6.

Comment 6 Vincent Danen 2013-10-29 16:39:31 UTC
Created lcms2 tracking bugs for this issue:

Affects: epel-6 [bug 1024448]

Comment 8 Vincent Danen 2014-01-23 02:49:04 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4160 to
the following vulnerability:

Name: CVE-2013-4160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4160
Assigned: 20130612
Reference: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html
Reference: http://openwall.com/lists/oss-security/2013/07/18/7
Reference: http://openwall.com/lists/oss-security/2013/07/22/1
Reference: https://bugzilla.novell.com/show_bug.cgi?id=826097#c9
Reference: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other
products, allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) via vectors related to (1)
cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3)
cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.
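
The changelog entry and the CVE text above describe unchecked allocations that lead to NULL pointer dereferences. The following added example (not lcms2 code and not from this bug report) shows a duplicate routine that checks every allocation, plus a fault-injection sweep that fails each allocation in turn to exercise the non-happy path. All type and function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical types and names for illustration; not lcms2's API or code. */
typedef struct Stage { double *table; size_t n; struct Stage *next; } Stage;
static long fail_at = -1;   /* allocation index to fail; -1 = never */
static long alloc_no, live; /* requests so far; blocks currently live */

static void *xmalloc(size_t sz) {
    void *p = (alloc_no++ == fail_at) ? NULL : malloc(sz); /* injected failure */
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { live--; free(p); } }
void stage_list_free(Stage *s) {
    while (s) { Stage *next = s->next; xfree(s->table); xfree(s); s = next; }
}
/* Checked duplicate: a failed allocation unwinds what was built and returns NULL. */
Stage *stage_list_dup(const Stage *src) {
    Stage *head = NULL, **tail = &head;
    for (; src; src = src->next) {
        Stage *s = xmalloc(sizeof *s);
        if (!s) goto fail;
        s->n = src->n; s->next = NULL;
        s->table = xmalloc(src->n * sizeof *s->table);
        if (!s->table) { xfree(s); goto fail; }
        memcpy(s->table, src->table, src->n * sizeof *s->table);
        *tail = s; tail = &s->next;
    }
    return head;
fail:
    stage_list_free(head);
    return NULL;
}
/* Fail allocation k for each k; 0 if every failure gave NULL with no leak, else -1. */
int sweep_alloc_failures(const Stage *src, long total_allocs) {
    for (long k = 0; k < total_allocs; k++) {
        long before = live;
        alloc_no = 0; fail_at = k;
        Stage *copy = stage_list_dup(src);
        fail_at = -1;
        if (copy != NULL || live != before) return -1;
    }
    return 0;
}
int main(void) {
    double t1[] = {0.0, 0.5, 1.0}, t2[] = {1.0, 2.0}; /* constructed sample data */
    Stage b = { t2, 2, NULL }, a = { t1, 3, &b };
    return sweep_alloc_failures(&a, 4) == 0 ? 0 : 1; /* 2 stages = 4 allocations */
}
```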

Comment 9 Fedora Update System 2016-03-25 21:52:30 UTC
lcms2-2.7-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
