CVE-2016-5824

MEDIUM

libical 1.0 - Use After Free

Title source: llm

Description

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

References (12)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/06/25/4

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/01/20/16

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91459

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:0269

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:0270

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1275400

[Issue Tracking, Patch, Third Party Advisory] https://github.com/libical/libical/issues/235

[Issue Tracking, Patch, Third Party Advisory] https://github.com/libical/libical/issues/251

[Issue Tracking, Patch, Third Party Advisory] https://github.com/libical/libical/issues/286

[Third Party Advisory] https://usn.ubuntu.com/3897-1/

[Third Party Advisory] https://security.gentoo.org/glsa/201904-02

[Third Party Advisory] https://security.gentoo.org/glsa/201904-07

Scores

CVSS v3 5.5

EPSS 0.0044

EPSS Percentile 63.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-416

Status published

Affected Products (15)

libical_project/libical

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

redhat/enterprise_linux_desktop

redhat/enterprise_linux_desktop

redhat/enterprise_linux_server

redhat/enterprise_linux_server

redhat/enterprise_linux_server_aus

redhat/enterprise_linux_server_eus

redhat/enterprise_linux_server_tus

redhat/enterprise_linux_workstation

redhat/enterprise_linux_workstation

n/a/n/a

Timeline

Published Jan 27, 2017

Tracked Since Feb 18, 2026