Out-of-Bounds Heap Read Vulnerability in Little CMS by Tech Company
CVE-2016-10165

7.1HIGH

Key Information:

Vendor

Littlecms

Status
Little Cms Color Engine
Vendor
CVE Published:
3 February 2017

What is CVE-2016-10165?

The vulnerability in Little CMS occurs due to improper handling of crafted ICC profiles within the Type_MLU_Read function, leading to potential information disclosure and a denial of service. Attackers can exploit this flaw by submitting specially crafted images, which may cause an out-of-bounds heap read, revealing sensitive information to unauthorized parties.

References

https://usn.ubuntu.com/3770-2/
vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2017/dsa-3774
vendor-advisoryx_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-2079.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.