CVE-2016-10165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-10165
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2079.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2658.html Third Party Advisory
http://www.debian.org/security/2017/dsa-3774 Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/23/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/25/14 Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch
http://www.securityfocus.com/bid/95808 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039596 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/ Third Party Advisory
https://usn.ubuntu.com/3770-1/ Third Party Advisory
https://usn.ubuntu.com/3770-2/ Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2079.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2658.html Third Party Advisory
http://www.debian.org/security/2017/dsa-3774 Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/23/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/25/14 Mailing List Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch
http://www.securityfocus.com/bid/95808 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039596 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/ Third Party Advisory
https://usn.ubuntu.com/3770-1/ Third Party Advisory
https://usn.ubuntu.com/3770-2/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vmware_vsphere:*:*
History

21 Nov 2024, 02:43

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html - Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-2079.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-2079.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-2658.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-2658.html - Third Party Advisory
References () http://www.debian.org/security/2017/dsa-3774 - Third Party Advisory () http://www.debian.org/security/2017/dsa-3774 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2017/01/23/1 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2017/01/23/1 - Mailing List, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2017/01/25/14 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2017/01/25/14 - Mailing List, Patch, Third Party Advisory
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch
References () http://www.securityfocus.com/bid/95808 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95808 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1039596 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1039596 - Third Party Advisory, VDB Entry
References () https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3264 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3264 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3267 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3267 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3268 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3268 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References () https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 - Issue Tracking, Patch, Third Party Advisory () https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2 - Issue Tracking, Patch, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory
References () https://usn.ubuntu.com/3770-1/ - Third Party Advisory () https://usn.ubuntu.com/3770-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3770-2/ - Third Party Advisory () https://usn.ubuntu.com/3770-2/ - Third Party Advisory

20 Dec 2023, 16:43

Type Values Removed Values Added
First Time Netapp e-series Santricity Management
Netapp active Iq Unified Manager
Redhat enterprise Linux Server Tus
Redhat
Netapp oncommand Unified Manager
Netapp oncommand Insight
Netapp
Redhat enterprise Linux Desktop
Netapp oncommand Balance
Canonical ubuntu Linux
Redhat enterprise Linux Server Aus
Redhat satellite
Netapp oncommand Shift
Redhat enterprise Linux Server Eus
Netapp oncommand Performance Manager
Redhat enterprise Linux Workstation
Canonical
Redhat enterprise Linux Server
Netapp e-series Santricity Os Controller
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3267 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3267 - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20171019-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/3770-1/ - (UBUNTU) https://usn.ubuntu.com/3770-1/ - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/3770-2/ - (UBUNTU) https://usn.ubuntu.com/3770-2/ - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3264 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3264 - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2079.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2079.html - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3268 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3268 - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2658.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2016-2658.html - Third Party Advisory
References (SECTRACK) http://www.securitytracker.com/id/1039596 - (SECTRACK) http://www.securitytracker.com/id/1039596 - Third Party Advisory, VDB Entry
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
CPE cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
Information

Published : 2017-02-03 19:59

Updated : 2024-11-21 02:43

NVD link : CVE-2016-10165

Mitre link : CVE-2016-10165

CVE.ORG link : CVE-2016-10165

JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_server_tus
  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • enterprise_linux_server_eus
  • satellite

netapp

  • oncommand_unified_manager
  • oncommand_insight
  • oncommand_shift
  • e-series_santricity_os_controller
  • e-series_santricity_management
  • active_iq_unified_manager
  • oncommand_performance_manager
  • oncommand_balance

canonical

  • ubuntu_linux

opensuse

  • leap

debian

  • debian_linux

littlecms

  • little_cms_color_engine
CWE
CWE-125

Out-of-bounds Read


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024