View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-10165 severity moderate: SUSE including 159 source package names (java-1_7_0-ibm-1.7.0_sr10.15-65.8.1, java-1_7_0-ibm-alsa-1.7.0_sr10.15-65.8.1, …), 583 product×package rows across 89 product lines (Image SLES12-SP5-Azure-SAP-BYOS, Image SLES12-SP5-Azure-SAP-On-Demand, … (89 product lines)): Fixed 344, Known Not Affected 239.
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.