CVE 2016-10165
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Related bugs and status
CVE-2016-10165 (Candidate) is related to these bugs:
Bug #1679989: CVE-2016-10165: heap OOB read parsing crafted ICC profile
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Ubuntu) | Low | Confirmed | ||
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Debian) | Unknown | Fix Released | ||
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Ubuntu Precise) | Low | Won't Fix | ||
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Ubuntu Trusty) | Low | Confirmed | ||
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Ubuntu Zesty) | Low | Confirmed | ||
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Ubuntu Xenial) | Low | Confirmed | ||
| 1679989 | CVE-2016-10165: heap OOB read parsing crafted ICC profile | lcms2 (Ubuntu Artful) | Low | Won't Fix | ||
Bug #1723860: PPC64: add Montgomery multiply intrinsic is absent currently in OpenJDK 8
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1723860 | PPC64: add Montgomery multiply intrinsic is absent currently in OpenJDK 8 | openjdk-8 (Ubuntu) | Undecided | Fix Released | ||
| 1723860 | PPC64: add Montgomery multiply intrinsic is absent currently in OpenJDK 8 | The Ubuntu-power-systems project | Medium | Fix Released | ||
Bug #1723861: PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1723861 | PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8 | openjdk-8 (Ubuntu) | Low | Fix Released | ||
| 1723861 | PPC64: Leverage extrdi for bitfield extract is absent in OpenJDK 8 | The Ubuntu-power-systems project | Medium | Fix Released | ||
Bug #1723862: PPC64: Use andis instead of lis/and is absent in OpenJDK 8
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1723862 | PPC64: Use andis instead of lis/and is absent in OpenJDK 8 | openjdk-8 (Ubuntu) | Low | Fix Released | ||
| 1723862 | PPC64: Use andis instead of lis/and is absent in OpenJDK 8 | The Ubuntu-power-systems project | Medium | Fix Released | ||
Bug #1723893: PPC64: Use cmpldi instead of li/cmpld is absent in OpenJDK 8
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1723893 | PPC64: Use cmpldi instead of li/cmpld is absent in OpenJDK 8 | openjdk-8 (Ubuntu) | Low | Fix Released | ||
| 1723893 | PPC64: Use cmpldi instead of li/cmpld is absent in OpenJDK 8 | The Ubuntu-power-systems project | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
