7.1

CVE-2016-10165

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionesm
DebianDebian Linux Version8.0
OpensuseLeap Version42.1
RedhatSatellite Version5.8
NetappActive Iq Unified Manager SwPlatformwindows Version >= 7.3
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappE-series Santricity Management Version- SwPlatformvmware_sra
NetappE-series Santricity Management Version- SwPlatformvmware_vasa
NetappE-series Santricity Management Version- SwPlatformvmware_vcenter
NetappE-series Santricity Os Controller Version11.50.2 Update-
NetappE-series Santricity Os Controller Version11.50.2 Updatep1
NetappOncommand Balance Version-
NetappOncommand Insight Version-
NetappOncommand Performance Manager Version- SwPlatformvmware_vsphere
NetappOncommand Shift Version-
NetappOncommand Unified Manager Version- SwPlatform7-mode
NetappOncommand Unified Manager Version7.1 SwPlatformvmware_vsphere
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.77% 0.844
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
https://usn.ubuntu.com/3770-2/
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2079.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2658.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html
Third Party Advisory
http://www.debian.org/security/2017/dsa-3774
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/23/1
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2017/01/25/14
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/95808
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039596
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:2999
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453
Third Party Advisory
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
Patch
Third Party Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20171019-0001/
Third Party Advisory
https://usn.ubuntu.com/3770-1/
Third Party Advisory