CVE-2016-10165

First published: Tue Aug 16 2016(Updated: )

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Littlecms Little Cms Color Engine
Debian Debian Linux	=8.0
openSUSE Leap	=42.1
Littlecms Little Cms Color Engine	<2.11
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Redhat Satellite	=5.8
Redhat Enterprise Linux Desktop	=5.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server	=5.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Eus	=7.3
Redhat Enterprise Linux Server Eus	=7.4
Redhat Enterprise Linux Server Eus	=7.5
Redhat Enterprise Linux Server Eus	=7.6
Redhat Enterprise Linux Server Eus	=7.7
Redhat Enterprise Linux Server Tus	=7.3
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=5.0
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
Netapp Active Iq Unified Manager Windows	>=7.3
Netapp Active Iq Unified Manager Vmware Vsphere	>=9.5
Netapp E-series Santricity Management Vmware Sra
Netapp E-series Santricity Management Vmware Vasa
Netapp E-series Santricity Management Vmware Vcenter
NetApp E-Series SANtricity OS Controller	=11.0
NetApp E-Series SANtricity OS Controller	=11.0.0
NetApp E-Series SANtricity OS Controller	=11.20
NetApp E-Series SANtricity OS Controller	=11.25
NetApp E-Series SANtricity OS Controller	=11.30
NetApp E-Series SANtricity OS Controller	=11.30.5r3
NetApp E-Series SANtricity OS Controller	=11.40
NetApp E-Series SANtricity OS Controller	=11.40.3r2
NetApp E-Series SANtricity OS Controller	=11.40.5
NetApp E-Series SANtricity OS Controller	=11.50.1
NetApp E-Series SANtricity OS Controller	=11.50.2
NetApp E-Series SANtricity OS Controller	=11.50.2-p1
NetApp E-Series SANtricity OS Controller	=11.60
NetApp E-Series SANtricity OS Controller	=11.60.0
NetApp E-Series SANtricity OS Controller	=11.60.1
NetApp E-Series SANtricity OS Controller	=11.60.3
NetApp E-Series SANtricity OS Controller	=11.70.1
NetApp E-Series SANtricity OS Controller	=11.70.2
NetApp OnCommand Balance
NetApp OnCommand Insight
Netapp Oncommand Performance Manager Vmware Vsphere
Netapp Oncommand Shift
Netapp Oncommand Unified Manager 7-mode
Netapp Oncommand Unified Manager Vmware Vsphere	=7.1
ubuntu/lcms2	<2.8-4	2.8-4
ubuntu/lcms2	<2.5-0ubuntu4.2	2.5-0ubuntu4.2
ubuntu/lcms2	<2.8-4	2.8-4
ubuntu/lcms2	<2.6-3ubuntu2.1	2.6-3ubuntu2.1
ubuntu/openjdk-7	<7	7
ubuntu/openjdk-7	<7	7
debian/lcms2		2.12~rc1-2 2.14-2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-10165
agent/remedy
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
collector/usn-cve
source/Ubuntu
agent/references
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/littlecms
canonical/littlecms little cms color engine
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/42.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
vendor/redhat
canonical/redhat satellite
version/redhat satellite/5.8
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/5.0
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/5.0
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.3
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
version/redhat enterprise linux server eus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/5.0
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/netapp
canonical/netapp active iq unified manager windows
version/netapp active iq unified manager windows/7.3
canonical/netapp active iq unified manager vmware vsphere
version/netapp active iq unified manager vmware vsphere/9.5
canonical/netapp e-series santricity management vmware sra
canonical/netapp e-series santricity management vmware vasa
canonical/netapp e-series santricity management vmware vcenter
canonical/netapp e-series santricity os controller
version/netapp e-series santricity os controller/11.0
version/netapp e-series santricity os controller/11.0.0
version/netapp e-series santricity os controller/11.20
version/netapp e-series santricity os controller/11.25
version/netapp e-series santricity os controller/11.30
version/netapp e-series santricity os controller/11.30.5r3
version/netapp e-series santricity os controller/11.40
version/netapp e-series santricity os controller/11.40.3r2
version/netapp e-series santricity os controller/11.40.5
version/netapp e-series santricity os controller/11.50.1
version/netapp e-series santricity os controller/11.50.2
version/netapp e-series santricity os controller/11.50.2-p1
version/netapp e-series santricity os controller/11.60
version/netapp e-series santricity os controller/11.60.0
version/netapp e-series santricity os controller/11.60.1
version/netapp e-series santricity os controller/11.60.3
version/netapp e-series santricity os controller/11.70.1
version/netapp e-series santricity os controller/11.70.2
canonical/netapp oncommand balance
canonical/netapp oncommand insight
canonical/netapp oncommand performance manager vmware vsphere
canonical/netapp oncommand shift
canonical/netapp oncommand unified manager 7-mode
canonical/netapp oncommand unified manager vmware vsphere
version/netapp oncommand unified manager vmware vsphere/7.1
package-manager/ubuntu
package-manager/debian

CVE-2016-10165

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact