1332518 – (CVE-2013-7455) CVE-2013-7455 lcms2: double free on error recovering

Bug 1332518 (CVE-2013-7455) - CVE-2013-7455 lcms2: double free on error recovering

Summary: CVE-2013-7455 lcms2: double free on error recovering

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2013-7455
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-03 11:37 UTC by Martin Prpič
Modified:	2021-02-17 03:56 UTC (History)
CC List:	2 users (show)
Fixed In Version:	lcms2 2.6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-03 11:37:56 UTC
Embargoed:

Attachments	(Terms of Use)

Description Martin Prpič 2016-05-03 11:37:38 UTC

CERT Coordination Center reports:

We have discovered a vulnerability in the Little CMS 2 (lcms2) package that has been fixed in lcms2 2.6, which was released in 2014. However, this issue was never assigned a CVE, and subsequently has not gathered the attention that it deserves.

The vulnerability was disocvered via fuzzing the latest poppler code with BFF. Because of the way that the poppler software was installed, it was using a distro-provided (Ubuntu) liblcms2 package. In particular, a fully-patched Ubuntu 14.04 platform provides liblcms2 version 2.5, which is vulnerable.

This is the commit that addresses the vulnerability:

https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b

Comment 1 Martin Prpič 2016-05-03 11:37:42 UTC

Acknowledgments:

Name: CERT/CC

Comment 2 Andrej Nemec 2016-05-06 07:29:58 UTC

Public via:

http://www.kb.cert.org/vuls/id/369800

Note You need to log in before you can comment on or make changes to this bug.