CVE-2016-10165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-10165
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2079.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2658.html Third Party Advisory
http://www.debian.org/security/2017/dsa-3774 Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/23/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/25/14 Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch
http://www.securityfocus.com/bid/95808 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039596 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/ Third Party Advisory
https://usn.ubuntu.com/3770-1/ Third Party Advisory
https://usn.ubuntu.com/3770-2/ Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2079.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2658.html Third Party Advisory
http://www.debian.org/security/2017/dsa-3774 Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/23/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/25/14 Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch
http://www.securityfocus.com/bid/95808 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039596 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/ Third Party Advisory
https://usn.ubuntu.com/3770-1/ Third Party Advisory
https://usn.ubuntu.com/3770-2/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vmware_vsphere:*:*
History

21 Nov 2024, 02:43

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-2079.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-2079.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-2658.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-2658.html - Third Party Advisory
References () http://www.debian.org/security/2017/dsa-3774 - Third Party Advisory () http://www.debian.org/security/2017/dsa-3774 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2017/01/23/1 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2017/01/23/1 - Mailing List, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2017/01/25/14 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2017/01/25/14 - Mailing List, Patch, Third Party Advisory
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch
References () http://www.securityfocus.com/bid/95808 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95808 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1039596 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1039596 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3264 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3264 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3267 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3267 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3268 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3268 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References () https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 - Issue Tracking, Patch, Third Party Advisory () https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 - Issue Tracking, Patch, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory
References () https://usn.ubuntu.com/3770-1/ - Third Party Advisory () https://usn.ubuntu.com/3770-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3770-2/ - Third Party Advisory () https://usn.ubuntu.com/3770-2/ - Third Party Advisory

20 Dec 2023, 16:43

Type Values Removed Values Added
First Time Redhat enterprise Linux Server Eus
Redhat enterprise Linux Workstation
Netapp oncommand Unified Manager
Netapp
Netapp active Iq Unified Manager
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server Tus
Redhat
Netapp oncommand Shift
Netapp oncommand Balance
Canonical ubuntu Linux
Netapp oncommand Performance Manager
Canonical
Netapp e-series Santricity Management
Netapp oncommand Insight
Netapp e-series Santricity Os Controller
Redhat enterprise Linux Server
Redhat satellite
Redhat enterprise Linux Desktop
References () http://rhn.redhat.com/errata/RHSA-2016-2079.html - () http://rhn.redhat.com/errata/RHSA-2016-2079.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-2658.html - () http://rhn.redhat.com/errata/RHSA-2016-2658.html - Third Party Advisory
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch
References () http://www.securitytracker.com/id/1039596 - () http://www.securitytracker.com/id/1039596 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2017:2999 - () https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3046 - () https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3264 - () https://access.redhat.com/errata/RHSA-2017:3264 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3267 - () https://access.redhat.com/errata/RHSA-2017:3267 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3268 - () https://access.redhat.com/errata/RHSA-2017:3268 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3453 - () https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20171019-0001/ - () https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory
References () https://usn.ubuntu.com/3770-1/ - () https://usn.ubuntu.com/3770-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3770-2/ - () https://usn.ubuntu.com/3770-2/ - Third Party Advisory
CPE cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*
Information

Published : 2017-02-03 19:59

Updated : 2025-04-20 01:37

NVD link : CVE-2016-10165

Mitre link : CVE-2016-10165

CVE.ORG link : CVE-2016-10165

JSON object : View

Products Affected

redhat

  • enterprise_linux_workstation
  • satellite
  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_server_eus

netapp

  • active_iq_unified_manager
  • e-series_santricity_management
  • oncommand_shift
  • oncommand_unified_manager
  • e-series_santricity_os_controller
  • oncommand_performance_manager
  • oncommand_balance
  • oncommand_insight

littlecms

  • little_cms_color_engine

debian

  • debian_linux

canonical

  • ubuntu_linux

opensuse

  • leap
CWE
CWE-125

Out-of-bounds Read