*** This bug is a security vulnerability ***
Public security bug reported:
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2)
allows remote attackers to obtain sensitive information or cause a
denial of service via an image with a crafted ICC profile, which
triggers an out-of-bounds heap read.
** Affects: lcms2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: lcms2 (Debian)
Importance: Unknown
Status: Unknown
** Tags: trusty xenial yakkety zesty
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-10165
** Information type changed from Private Security to Public Security
** Bug watch added: Debian Bug tracker #852627
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852627
** Also affects: lcms2 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852627
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1679989
Title:
CVE-2016-10165: heap OOB read parsing crafted ICC profile
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
