Little Cms · Little Cms · CVE-2013-7455
**Name of the Vulnerable Software and Affected Versions**
Little CMS versions prior to 2.6
**Description**
A double free vulnerability exists in the DefaultICCintents function in cmscnvrt.c in liblcms2. This issue can be triggered by a malformed ICC profile, allowing remote attackers to execute arbitrary code via an error in the default intent handler.
**Recommendations**
For versions prior to 2.6, update to version 2.6 or later to resolve the issue.