CVE-2016-10165
- Source
- https://cve.org/CVERecord?id=CVE-2016-10165
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10165.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-10165
- Downstream
- Related
- Published
- 2017-02-03T19:59:00.177Z
- Modified
- 2026-03-15T21:50:20.698839Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The TypeMLURead function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
- References
-
- https://access.redhat.com/errata/RHSA-2017:3453
- https://usn.ubuntu.com/3770-2/
- http://rhn.redhat.com/errata/RHSA-2016-2079.html
- http://www.debian.org/security/2017/dsa-3774
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html
- http://www.securityfocus.com/bid/95808
- https://access.redhat.com/errata/RHSA-2017:3267
- https://security.netapp.com/advisory/ntap-20171019-0001/
- https://usn.ubuntu.com/3770-1/
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3264
- https://access.redhat.com/errata/RHSA-2017:3268
- http://rhn.redhat.com/errata/RHSA-2016-2658.html
- http://www.securitytracker.com/id/1039596
- https://access.redhat.com/errata/RHSA-2017:3046
- http://www.openwall.com/lists/oss-security/2017/01/23/1
- https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.openwall.com/lists/oss-security/2017/01/25/14
Affected packages
Git / github.com/mm2/Little-CMS
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mm2/Little-CMS
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.11" } ] }
- Type
- GIT
- Repo
- https://github.com/mm2/little-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
lcms2-2.*
lcms2-2.7
lcms2.*
lcms2.10
lcms2.10rc1
lcms2.2
lcms2.2rc0
lcms2.2rc1
lcms2.2rc2
lcms2.3
lcms2.3rc1
lcms2.3rc2
lcms2.3rc3
lcms2.4
lcms2.4rc1
lcms2.4rc2
lcms2.5
lcms2.5rc1
lcms2.5rc2
lcms2.5rc3
lcms2.6
lcms2.6rc0
lcms2.6rc1
lcms2.6rc3
lcms2.7rc1
lcms2.7rc2
lcms2.7rc3
lcms2.8
lcms2.8rc2
lcms2.9
lcms2.9rc1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10165.json"
vanir_signatures
[
{
"source": "https://github.com/mm2/little-cms/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-10165-5823015a",
"digest": {
"length": 1686.0,
"function_hash": "193084025655828714120386110864385602689"
},
"signature_type": "Function",
"target": {
"file": "src/cmstypes.c",
"function": "Type_MLU_Read"
}
},
{
"source": "https://github.com/mm2/little-cms/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2016-10165-f46349fe",
"digest": {
"threshold": 0.9,
"line_hashes": [
"174146422431459820255007659617750688561",
"78268650681982427652376948030072086009",
"22910717854434003833771298674182363943",
"221774076812319222840572722321423837729"
]
},
"signature_type": "Line",
"target": {
"file": "src/cmstypes.c"
}
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "7.3"
}
]
},
{
"events": [
{
"introduced": "9.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.30.5r3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.40"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.40.3r2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.40.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.50.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.50.2-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.50.2-p1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.60"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.60.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.60.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.60.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.70.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.70.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.1"
}
]
}
]