CVE-2016-10165: Out-of-bounds Read in Little CMS Color Engine

CWE-125: Out-of-bounds Read | 14 documents | 8 sources
Severity: 7.1 HIGH (NVD)
EPSS: 0.9% (top 24.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 3 | Latest update May 14

Description

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages: 9 packages

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 7.3, 7.4, 7.6, 7.7, 7.5

Patches

🔴Vulnerability Details

4
GHSA | GHSA-2j4r-j436-59p3: The Type_MLU_Read function in cmstypes | 2022-05-14
OSV | lcms2 vulnerabilities | 2018-09-20
CVEList | CVE-2016-10165: The Type_MLU_Read function in cmstypes | 2017-02-03
OSV | CVE-2016-10165: The Type_MLU_Read function in cmstypes | 2017-02-03

📋Vendor Advisories

4
Ubuntu | Little CMS vulnerabilities | 2018-09-20
Ubuntu | Little CMS vulnerabilities | 2018-09-20
Red Hat | lcms2: Out-of-bounds read in Type_MLU_Read() | 2016-08-15
Debian | CVE-2016-10165: lcms2 - The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote... | 2016

💬Community

5
Bugzilla | CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read() [fedora-all] | 2016-08-16
Bugzilla | CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read() | 2016-08-16
Bugzilla | CVE-2016-10165 mingw-lcms2: lcms2: Out-of-bounds read in Type_MLU_Read() [fedora-all] | 2016-08-16
Bugzilla | CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read() [epel-5] | 2016-08-16
Bugzilla | CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read() [epel-6] | 2016-08-16