VDB
ALPINE-CVE-2016-10165
ALPINE-CVE-2016-10165
PUBLISHED
CVSS 7.099999904632568 HIGH
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.22 | lcms2 | 2.6-r0, 0, 2.8-r0 |
| Alpine:v3.12 | lcms2 | 0, 0, 2.8-r0 |
| Alpine:v3.5 | lcms2 | 2.6-r0, 0, 2.8-r0 |
| Alpine:v3.2 | lcms2 | 0, 0, 2.5-r0 |
| Alpine:v3.8 | lcms2 | 2.7-r0, 2.5-r0, 2.5-r0 |
| Alpine:v3.10 | lcms2 | 2.8-r0, 0, 2.5-r0 |
| Alpine:v3.21 | lcms2 | 2.5-r0, 0, 2.6-r0 |
| Alpine:v3.16 | lcms2 | 2.6-r0, 0, 2.8-r0 |
| Alpine:v3.11 | lcms2 | 0, 0, 2.8-r0 |
| Alpine:v3.7 | lcms2 | 0, 0, 2.8-r0 |
| Alpine:v3.18 | lcms2 | 0, 0, 2.5-r0 |
| Alpine:v3.3 | lcms2 | 0, 2.5-r0, 2.7-r0 |
| Alpine:v3.19 | lcms2 | 2.7-r1, 0, 2.5-r0 |
| Alpine:v3.13 | lcms2 | 2.7-r1, 0, 2.8-r0 |
| Alpine:v3.9 | lcms2 | 0, 2.8-r0, 2.7-r1 |
| Alpine:v3.17 | lcms2 | 2.7-r0, 0, 2.8-r0 |
| Alpine:v3.23 | lcms2 | 2.5-r0, 0, 2.7-r0 |
| Alpine:v3.24 | lcms2 | 0 |
| Alpine:v3.20 | lcms2 | 0, 0, 2.8-r0 |
| Alpine:v3.6 | lcms2 | 0, 2.8-r0, 2.7-r1 |
…and 3 more
Timeline
- Feb 3, 2017 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated