Rapid7 Vulnerability & Exploit Database

Java CPU October 2017 Java SE, Java SE Embedded, JRockit vulnerability (CVE-2016-10165)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Java CPU October 2017 Java SE, Java SE Embedded, JRockit vulnerability (CVE-2016-10165)

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:P)

Published

02/03/2017

Created

07/25/2018

Added

10/18/2017

Modified

07/21/2021

Description

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

Solution(s)

jre-upgrade-latest

References

https://attackerkb.com/topics/cve-2016-10165
95808
CVE - 2016-10165
DSA-3774
RHSA-2016:2079
RHSA-2016:2658
RHSA-2017:2999
RHSA-2017:3046
RHSA-2017:3264
RHSA-2017:3267
RHSA-2017:3268
RHSA-2017:3453
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Java CPU October 2017 Java SE, Java SE Embedded, JRockit vulnerability (CVE-2016-10165)

Java CPU October 2017 Java SE, Java SE Embedded, JRockit vulnerability (CVE-2016-10165)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.