CVE-2012-1616

Description

Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.

How to fix CVE-2012-1616

To remediate CVE-2012-1616, upgrade the affected package to a fixed version below.

• Debian/argyll—upgrade to 1.4.0-1 or later

Is CVE-2012-1616 being exploited?

Moderate — EPSS is 7.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.4.0-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-1616