127 matches found
libical: Multiple use-after-free vulnerabilities
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
Security vulnerabilities fixed in Thunderbird 60.5 — Mozilla
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. An earlier fix for an Inter-process Communication (IPC) vulnerability,...
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
CentOS Errata and Security Advisory CESA-2018:3140 An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Denial Of Service (DoS)
libical is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the icalparser failed to check if the value type is valid before parsing it, causing a denial of service (DoS) attack when parsing a malicious ics file...
Use-After-Free (UAF)
libical is vulnerable to use-after-free (UAF) attacks. The vulnerability exists in the fetch_lat_long_from_string function of icaltimezone.c due to a heap-based use-after-free (UAF) issue...
Debian: Security Advisory (DLA-959-1)
The remote host is missing an update for the Debian...
SUSE SLES11 Security Update : Recommended update for libical (SUSE-SU-2018:0119-1)
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote...
SUSE-SU-2018:0119-1 Recommended update for libical
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5823: The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bnc#986632) - CVE-2016-5824: libical 1.0 allows remote...
Updated libical packages fix security vulnerability
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file (CVE-2016-5824). The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the...
MGASA-2018-0021 Updated libical packages fix security vulnerability
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file (CVE-2016-5824). The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the...
openSUSE Security Update : libical (openSUSE-2017-869)
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote...
SUSE SLED12 / SLES12 Security Update : libical (SUSE-SU-2017:1989-1)
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote...
SUSE-SU-2017:1989-1 Security update for libical
This update for libical fixes the following issues: Security issues fixed: - CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. (bsc#986639) - CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote...
Debian DLA-959-1 : libical security update
It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a specially crafted .ICS file. For Debian 7 'Wheezy', this issue has been fixed in libical version 0.48-2+deb7u1. We...
[SECURITY] [DLA 959-1] libical security update
Package : libical Version : 0.48-2+deb7u1 CVE ID : CVE-2016-5824 CVE-2016-9584 Debian Bug : 860451, 852034 It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a special...
DLA-959-1 libical - security update
Bulletin has no description...
Libical Denial of Service Vulnerability (CNVD-2017-03333)
Libical is an open source implementation of the iCalendar protocol and protocol data unit. A denial of service vulnerability exists in the icalproperty_new_clone function in Libical. A remote attacker can cause a denial of service (reuse after release) via a specially crafted ics file...
Libical heap overflow vulnerability (CNVD-2017-03332)
Libical is an open source implementation of the iCalendar protocol and protocol data unit. A heap overflow vulnerability exists in libical version 1.0. An attacker can cause a denial of service (reuse after release) via a specially crafted ics file...
Design/Logic Flaw
The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function...
CVE-2016-5827
The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function...