CVE-2013-4160

Name of the Vulnerable Software and Affected Versions Little CMS (lcms2) versions prior to 2.5

Description The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference. This can be achieved through various vectors, including cmsStageAllocLabV2ToV4curves, cmsPipelineDup, cmsAllocProfileSequenceDescription, CurvesAlloc, and cmsnamed.

Recommendations For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of cmsStageAllocLabV2ToV4curves, cmsPipelineDup, cmsAllocProfileSequenceDescription, CurvesAlloc, and cmsnamed functions until a patch is available.