CVE-2016-10165
published 2017-02-03CVE-2016-10165: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an…
high7.1CVSS 3.1
AVLACLPRNUIRSUCHINAH
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | lcms2 | < lcms2 2.8-4 (bookworm) | lcms2 2.8-4 (bookworm) |
| littlecms | little_cms_color_engine | < 2.11 | 2.11 |
| netapp | active_iq_unified_manager | >= 7.3 | — |
| netapp | active_iq_unified_manager | >= 9.5 | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
| netapp | e-series_santricity_os_controller | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
osv7.1HIGH