The TypeMLURead function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "openjdk-7-demo": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-source": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-jre": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-jdk": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-dbg": "7u121-2.6.8-1ubuntu0.14.04.1", "icedtea-7-jre-jamvm": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-jre-zero": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-doc": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-jre-headless": "7u121-2.6.8-1ubuntu0.14.04.1", "openjdk-7-jre-lib": "7u121-2.6.8-1ubuntu0.14.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "liblcms2-2": "2.6-3ubuntu2.1", "liblcms2-2-dbgsym": "2.6-3ubuntu2.1", "liblcms2-dev-dbgsym": "2.6-3ubuntu2.1", "liblcms2-dbg": "2.6-3ubuntu2.1", "liblcms2-utils": "2.6-3ubuntu2.1", "liblcms2-dev": "2.6-3ubuntu2.1", "liblcms2-utils-dbgsym": "2.6-3ubuntu2.1" } ] }