Lucene search

[email protected]CVE-2016-6855

HistorySep 07, 2016 - 6:59 p.m.

CVE-2016-6855

2016-09-0718:59:05

CWE-787

[email protected]

web.nvd.nist.gov

cve-2016-6855

eye of gnome

eog

denial of service

out-of-bounds write

crash

remote attackers

glib

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.6%

JSON

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Affected configurations

NVD

Node

fedoraprojectfedoraMatch23

fedoraprojectfedoraMatch24

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.2

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

Node

gnomeeye_of_gnomeMatch3.16.5

gnomeeye_of_gnomeMatch3.17.1

gnomeeye_of_gnomeMatch3.17.2

gnomeeye_of_gnomeMatch3.17.3

gnomeeye_of_gnomeMatch3.17.90

gnomeeye_of_gnomeMatch3.17.91

gnomeeye_of_gnomeMatch3.17.92

gnomeeye_of_gnomeMatch3.18.0

gnomeeye_of_gnomeMatch3.18.1

gnomeeye_of_gnomeMatch3.18.2

gnomeeye_of_gnomeMatch3.19.1

gnomeeye_of_gnomeMatch3.19.2

gnomeeye_of_gnomeMatch3.19.3

gnomeeye_of_gnomeMatch3.19.4

gnomeeye_of_gnomeMatch3.19.90

gnomeeye_of_gnomeMatch3.19.91

gnomeeye_of_gnomeMatch3.19.92

gnomeeye_of_gnomeMatch3.20.0

gnomeeye_of_gnomeMatch3.20.1

gnomeeye_of_gnomeMatch3.20.2

gnomeeye_of_gnomeMatch3.20.3

AND

gnomeglibMatch2.44.0

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq23
fedoraproject:fedorafedoraproject fedoraeq24

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	23
fedoraproject:fedora	fedoraproject fedora	eq	24

References

lists.opensuse.org/opensuse-updates/2016-09/msg00021.html

packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html

www.securityfocus.com/bid/92616

www.ubuntu.com/usn/USN-3069-1

bugzilla.gnome.org/show_bug.cgi?id=770143

git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4

git.gnome.org/browse/eog/plain/NEWS?h=3.16.5

git.gnome.org/browse/eog/plain/NEWS?h=3.18.3

git.gnome.org/browse/eog/plain/NEWS?h=3.20.4

lists.debian.org/debian-lts-announce/2020/04/msg00018.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/

www.exploit-db.com/exploits/40291/

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2016-6855

nessus12 openvas9 zdt1 ubuntucve1 debiancve1 cvelist1 fedora2 debian2 freebsd1 redhatcve1 nvd1 mageia1 ubuntu1 exploitpack1 osv1 prion1 exploitdb1