group.of.nepali.translators team mailing list archive

[Bug 1679989] Re: CVE-2016-10165: heap OOB read parsing crafted ICC profile

 

** No longer affects: lcms2 (Ubuntu Yakkety)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1679989

Title:
  CVE-2016-10165: heap OOB read parsing crafted ICC profile

Status in lcms2 package in Ubuntu:
  Confirmed
Status in lcms2 source package in Precise:
  Confirmed
Status in lcms2 source package in Trusty:
  Confirmed
Status in lcms2 source package in Xenial:
  Confirmed
Status in lcms2 source package in Zesty:
  Confirmed
Status in lcms2 source package in Artful:
  Confirmed
Status in lcms2 package in Debian:
  Fix Released

Bug description:
  The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2)
  allows remote attackers to obtain sensitive information or cause a
  denial of service via an image with a crafted ICC profile, which
  triggers an out-of-bounds heap read.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lcms2/+bug/1679989/+subscriptions