CVE-2017-10309

Name of the Vulnerable Software and Affected Versions Java SE versions 8u144 and 9 Little CMS (affected versions not specified)

Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized access to Java SE accessible data and a partial denial of service of Java SE. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. In the case of Little CMS, a remote attacker could exploit an out-of-bounds read in the Type MLU Read function to cause the application to crash or obtain sensitive information.

Recommendations For Java SE version 8u144, update to a version that is not affected by this issue. For Java SE version 9, update to a version that is not affected by this issue. For Little CMS, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of untrusted images to minimize the risk of exploitation.