CVE-2016-10165

Published: 03 February 2017

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Priority

Low

CVSS 3 base score: 7.1

Status

Package Release Status
lcms2
Upstream Released (2.8-4)
Ubuntu 18.04 LTS (Bionic Beaver) Released (2.8-4)
Ubuntu 16.04 ESM (Xenial Xerus) Released (2.6-3ubuntu2.1)
Ubuntu 14.04 ESM (Trusty Tahr) Released (2.5-0ubuntu4.2)
Patches:
Upstream: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
openjdk-7
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [7u121-2.6.8-1ubuntu0.14.04.1])
openjdk-8
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (uses system lcms)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable (uses system lcms)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist