Critical severity9.8NVD Advisory· Published May 7, 2016· Updated May 6, 2026

CVE-2013-7455

Description

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.

Affected products

Littlecms/Little Cms Color Engine6 versions
cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:littlecms:little_cms_color_engine:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:littlecms:little_cms_color_engine:2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/369800nvdThird Party AdvisoryUS Government Resource
www.ubuntu.com/usn/USN-2961-1nvd
github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1dbnvd
penteston.com/OSVDB-105462nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000