Search for vulnerabilities
Vulnerability details: VCID-rspx-3qs1-aaaf
Vulnerability ID VCID-rspx-3qs1-aaaf
Aliases CVE-2007-2741
Summary Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
epss 0.04432 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.04432 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.04432 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.04432 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.04432 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.04432 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.05398 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.05398 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.05398 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.05398 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.05398 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.05398 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.06871 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.06871 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.06871 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.06871 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.08853 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
epss 0.14965 https://api.first.org/data/v1/epss?cve=CVE-2007-2741
generic_textual MODERATE http://secunia.com/advisories/27756
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2007-2741
generic_textual MODERATE http://www.novell.com/linux/security/advisories/2007_24_sr.html
Reference id Reference type URL
http://osvdb.org/36179
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2741.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2741
http://scary.beasts.org/security/CESA-2007-001.html
http://secunia.com/advisories/25294
http://secunia.com/advisories/27756
http://secunia.com/advisories/32282
https://exchange.xforce.ibmcloud.com/vulnerabilities/34331
http://www.mandriva.com/security/advisories?name=MDKSA-2007:238
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.securityfocus.com/bid/24001
http://www.ubuntu.com/usn/usn-652-1
http://www.vupen.com/english/advisories/2007/1837
cpe:2.3:a:littlecms:lcms:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:*:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.07:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.08:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.09:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.10:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.11:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.12:*:*:*:*:*:*:*
cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:littlecms:lcms:1.13:*:*:*:*:*:*:*
CVE-2007-2741 https://nvd.nist.gov/vuln/detail/CVE-2007-2741
GLSA-201412-08 https://security.gentoo.org/glsa/201412-08
GLSA-201412-11 https://security.gentoo.org/glsa/201412-11
USN-652-1 https://usn.ubuntu.com/652-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2741
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92609
EPSS Score 0.04432
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.