VulnerableCode Package Details - pkg:deb/debian/lcms2@2.6-3%2Bdeb8u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-7g8v-91fw-aaan Aliases: CVE-2016-10165	The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.	2.8-4+deb9u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-tst4-dhas-aaap Aliases: CVE-2018-16435	Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.	2.8-4+deb9u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.9-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7g8v-91fw-aaan
Aliases:
CVE-2016-10165

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

2.8-4+deb9u1
Affected by 1 other vulnerability.

VCID-tst4-dhas-aaap
Aliases:
CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

2.8-4+deb9u1
Affected by 1 other vulnerability.

2.9-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7g8v-91fw-aaan	The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.	CVE-2016-10165

Vulnerability

Summary

Aliases

VCID-7g8v-91fw-aaan

CVE-2016-10165

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:02:44.431333+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:47:31.887773+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T10:17:58.625699+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T09:41:51.337281+00:00	Debian Oval Importer	Fixing	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-20T20:02:49.107408+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	None	36.1.3
2025-06-20T19:59:14.207156+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	None	36.1.3
2025-06-20T19:38:32.192331+00:00	Debian Oval Importer	Fixing	VCID-7g8v-91fw-aaan	None	36.1.3
2025-06-08T11:55:37.456012+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:34:25.586238+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:02:13.001424+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:05:40.199232+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T03:30:36.558623+00:00	Debian Oval Importer	Fixing	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T13:50:34.035433+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	None	36.1.0
2025-06-07T13:48:54.990892+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	None	36.1.0
2025-06-07T13:32:46.837802+00:00	Debian Oval Importer	Fixing	VCID-7g8v-91fw-aaan	None	36.1.0
2025-04-12T19:57:34.235924+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:40:46.647201+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:15:49.246574+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:33:07.304607+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T02:34:06.430198+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T01:58:05.726882+00:00	Debian Oval Importer	Fixing	VCID-7g8v-91fw-aaan	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T12:25:30.544692+00:00	Debian Oval Importer	Affected by	VCID-7g8v-91fw-aaan	None	36.0.0
2025-04-07T12:23:55.879024+00:00	Debian Oval Importer	Affected by	VCID-tst4-dhas-aaap	None	36.0.0
2025-04-07T12:08:12.543809+00:00	Debian Oval Importer	Fixing	VCID-7g8v-91fw-aaan	None	36.0.0