View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-10165 low priority: Ubuntu including 3 source packages (lcms2, openjdk-7, openjdk-8), 22 status rows across 8 suites (artful, bionic, precise, trusty, upstream, xenial, yakkety, zesty): DNE 6, released 6, ignored 4, not-affected 4, needs-triage 2.
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.