CVE-2016-10165

Published: 3 February 2017

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Notes

Author	Note
sbeattie	openjdk-7 as of 7u111-2.6.7 uses embedded copy of lcms2 (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1896)

Priority

Cvss 3 Severity Score

7.1

Score breakdown

Status

Package	Release	Status
lcms2 Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Released (2.8-4)
	precise	Released (2.2+git20110628-2ubuntu3.3)
	trusty	Released (2.5-0ubuntu4.2)
	upstream	Released (2.8-4)
	xenial	Released (2.6-3ubuntu2.1)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
	Patches: upstream: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
openjdk-7 Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	precise	Does not exist (precise was released [7u121-2.6.8-1ubuntu0.12.04.1])
	trusty	Does not exist (trusty was released [7u121-2.6.8-1ubuntu0.14.04.1])
	upstream	Needs triage
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
openjdk-8 Launchpad, Ubuntu, Debian	artful	Not vulnerable (uses system lcms)
	bionic	Not vulnerable (uses system lcms)
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (uses system lcms)
	zesty	Not vulnerable (uses system lcms)

Severity score breakdown

Parameter	Value
Base score	7.1
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›