CVE-2016-10165

Published: 03/02/2017 Updated: 10/01/2024
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote malicious users to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Vulnerable Products

littlecms little cms color engine

debian debian linux 8.0

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

opensuse leap 42.1

redhat enterprise linux desktop 7.0

redhat enterprise linux server 5.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux workstation 5.0

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux desktop 5.0

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat satellite 5.8

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.7

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

netapp oncommand balance -

netapp oncommand insight -

netapp e-series santricity management -

netapp oncommand unified manager -

netapp active iq unified manager

netapp oncommand shift -

netapp oncommand performance manager -

netapp e-series santricity os controller 11.0

netapp e-series santricity os controller 11.0.0

netapp e-series santricity os controller 11.20

netapp e-series santricity os controller 11.25

netapp e-series santricity os controller 11.30

netapp e-series santricity os controller 11.30.5r3

netapp e-series santricity os controller 11.40

netapp e-series santricity os controller 11.40.3r2

netapp e-series santricity os controller 11.40.5

netapp e-series santricity os controller 11.50.1

netapp e-series santricity os controller 11.50.2

netapp e-series santricity os controller 11.60

netapp e-series santricity os controller 11.60.0

netapp e-series santricity os controller 11.60.1

netapp e-series santricity os controller 11.60.3

netapp e-series santricity os controller 11.70.1

netapp e-series santricity os controller 11.70.2

netapp oncommand unified manager 7.1

Vendor Advisories

Debian Bug report logs - #852627 lcms2: CVE-2016-10165: heap OOB read parsing crafted ICC profile. Package: src:lcms2; Maintainer for src:lcms2 is Thomas Weber <tweber@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 25 Jan 2017 18:18:03 UTC; Severity: grave; Tags: patch, security, upstream ...
Several security issues were fixed in Little CMS ...
Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability in the function Type_MLU_Read in lcms2, the Little CMS 2 color management library, which can be triggered by an image with a specially crafted ICC profile, leading to a heap memory leak or denial of service for applications using the lcms2 library. For the stable distributio ...
Synopsis: Critical: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: java-1.8.0-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Comm ...
Synopsis: Critical: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring ...
Synopsis: Critical: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact ...
Synopsis: Important: java-1.7.0-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a secur ...
Synopsis: Critical: java-1.8.0-oracle security update. Type/Severity: Security Advisory: Critical. Topic: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a secur ...
Synopsis: Important: java-1.7.0-oracle security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a sec ...
Synopsis: Important: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Important. Topic: An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerab ...
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read ...