What is the severity of CVE-2016-10165?

CVE-2016-10165 is classified as a moderate severity vulnerability that can lead to information disclosure or denial of service.

How do I fix CVE-2016-10165?

To fix CVE-2016-10165, update Little CMS to version 2.8-4 or later if using Ubuntu, or ensure the latest patches are applied for affected distributions.

What are the potential impacts of CVE-2016-10165?

The potential impacts of CVE-2016-10165 include the possibility for remote attackers to read sensitive data or cause a denial of service via a specially crafted ICC profile.

Which systems are affected by CVE-2016-10165?

CVE-2016-10165 affects various versions of Little CMS and specific distributions such as Ubuntu, Debian, and Red Hat Enterprise Linux.

Is there a workaround for CVE-2016-10165?

While updating is the best solution for CVE-2016-10165, a temporary workaround includes implementing network level controls to block untrusted ICC profile processing.

Vulnerability/
CVE-2016-10165

high

7.1

CWE

125

16/8/2016

3/2/2017

6/8/2024

CVE-2016-10165

First published: Tue Aug 16 2016(Updated: )

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ubuntu/lcms2	<2.8-4	2.8-4
ubuntu/lcms2	<2.5-0ubuntu4.2	2.5-0ubuntu4.2
ubuntu/lcms2	<2.8-4	2.8-4
ubuntu/lcms2	<2.6-3ubuntu2.1	2.6-3ubuntu2.1
ubuntu/openjdk-7	<7	7
ubuntu/openjdk-7	<7	7
debian/lcms2		2.12~rc1-2 2.14-2
Little CMS Color engine
Debian GNU/Linux	=8.0
openSUSE	=42.1
Little CMS Color engine	<2.11
Ubuntu	=12.04
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=18.04
Debian	=8.0
redhat satellite	=5.8
redhat enterprise Linux desktop	=5.0
redhat enterprise Linux desktop	=6.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux server	=5.0
redhat enterprise Linux server	=6.0
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.3
redhat enterprise Linux server aus	=7.4
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server aus	=7.7
redhat enterprise Linux server eus	=7.3
redhat enterprise Linux server eus	=7.4
redhat enterprise Linux server eus	=7.5
redhat enterprise Linux server eus	=7.6
redhat enterprise Linux server eus	=7.7
redhat enterprise Linux server tus	=7.3
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux server tus	=7.7
redhat enterprise Linux workstation	=5.0
redhat enterprise Linux workstation	=6.0
redhat enterprise Linux workstation	=7.0
netapp active iq unified manager windows	>=7.3
NetApp Active IQ Unified Manager for VMware vSphere	>=9.5
NetApp E-Series SANtricity Management
NetApp E-Series SANtricity Management
NetApp E-Series SANtricity Management for VMware vCenter
NetApp E-Series SANtricity OS Controller	=11.0
NetApp E-Series SANtricity OS Controller	=11.0.0
NetApp E-Series SANtricity OS Controller	=11.20
NetApp E-Series SANtricity OS Controller	=11.25
NetApp E-Series SANtricity OS Controller	=11.30
NetApp E-Series SANtricity OS Controller	=11.30.5r3
NetApp E-Series SANtricity OS Controller	=11.40
NetApp E-Series SANtricity OS Controller	=11.40.3r2
NetApp E-Series SANtricity OS Controller	=11.40.5
NetApp E-Series SANtricity OS Controller	=11.50.1
NetApp E-Series SANtricity OS Controller	=11.50.2
NetApp E-Series SANtricity OS Controller	=11.50.2-p1
NetApp E-Series SANtricity OS Controller	=11.60
NetApp E-Series SANtricity OS Controller	=11.60.0
NetApp E-Series SANtricity OS Controller	=11.60.1
NetApp E-Series SANtricity OS Controller	=11.60.3
NetApp E-Series SANtricity OS Controller	=11.70.1
NetApp E-Series SANtricity OS Controller	=11.70.2
NetApp OnCommand Balance
NetApp OnCommand Insight
NetApp OnCommand Performance Manager
NetApp OnCommand Shift
NetApp OnCommand Unified Manager for 7-Mode
NetApp OnCommand Unified Manager for vSphere	=7.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2016-10165?
CVE-2016-10165 is classified as a moderate severity vulnerability that can lead to information disclosure or denial of service.
How do I fix CVE-2016-10165?
To fix CVE-2016-10165, update Little CMS to version 2.8-4 or later if using Ubuntu, or ensure the latest patches are applied for affected distributions.
What are the potential impacts of CVE-2016-10165?
The potential impacts of CVE-2016-10165 include the possibility for remote attackers to read sensitive data or cause a denial of service via a specially crafted ICC profile.
Which systems are affected by CVE-2016-10165?
CVE-2016-10165 affects various versions of Little CMS and specific distributions such as Ubuntu, Debian, and Red Hat Enterprise Linux.
Is there a workaround for CVE-2016-10165?
While updating is the best solution for CVE-2016-10165, a temporary workaround includes implementing network level controls to block untrusted ICC profile processing.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-10165
agent/remedy
agent/weakness
agent/author
agent/severity
agent/description
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
collector/security-tracker-debian
source/Debian
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
collector/nvd-cve
package-manager/ubuntu
package-manager/debian
vendor/littlecms
canonical/little cms color engine
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
vendor/opensuse
canonical/opensuse
version/opensuse/42.1
vendor/canonical
canonical/ubuntu
version/ubuntu/12.04
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/18.04
canonical/debian
version/debian/8.0
vendor/redhat
canonical/redhat satellite
version/redhat satellite/5.8
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/5.0
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/5.0
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.3
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
version/redhat enterprise linux server eus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/5.0
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/netapp
canonical/netapp active iq unified manager windows
version/netapp active iq unified manager windows/7.3
canonical/netapp active iq unified manager for vmware vsphere
version/netapp active iq unified manager for vmware vsphere/9.5
canonical/netapp e-series santricity management
canonical/netapp e-series santricity management for vmware vcenter
canonical/netapp e-series santricity os controller
version/netapp e-series santricity os controller/11.0
version/netapp e-series santricity os controller/11.0.0
version/netapp e-series santricity os controller/11.20
version/netapp e-series santricity os controller/11.25
version/netapp e-series santricity os controller/11.30
version/netapp e-series santricity os controller/11.30.5r3
version/netapp e-series santricity os controller/11.40
version/netapp e-series santricity os controller/11.40.3r2
version/netapp e-series santricity os controller/11.40.5
version/netapp e-series santricity os controller/11.50.1
version/netapp e-series santricity os controller/11.50.2
version/netapp e-series santricity os controller/11.50.2-p1
version/netapp e-series santricity os controller/11.60
version/netapp e-series santricity os controller/11.60.0
version/netapp e-series santricity os controller/11.60.1
version/netapp e-series santricity os controller/11.60.3
version/netapp e-series santricity os controller/11.70.1
version/netapp e-series santricity os controller/11.70.2
canonical/netapp oncommand balance
canonical/netapp oncommand insight
canonical/netapp oncommand performance manager
canonical/netapp oncommand shift
canonical/netapp oncommand unified manager for 7-mode
canonical/netapp oncommand unified manager for vsphere
version/netapp oncommand unified manager for vsphere/7.1

CVE-2016-10165

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2016-10165?

How do I fix CVE-2016-10165?

What are the potential impacts of CVE-2016-10165?

Which systems are affected by CVE-2016-10165?

Is there a workaround for CVE-2016-10165?

Company

Resources

Contact