CVE-2016-6855

HIGH

Fedora - Out-of-Bounds Write

Title source: rule
STIX 2.1

Description

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Kaslov Dmitri · textdoslinux
https://www.exploit-db.com/exploits/40291

References (13)

Core 13
Core References
Release Notes x_refsource_confirm
https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40291/
Release Notes x_refsource_confirm
https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92616
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3069-1
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html
Issue Tracking x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=770143
Release Notes x_refsource_confirm
https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html

Scores

CVSS v3 7.5
EPSS 0.0404
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (28)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
fedoraproject/fedora 23
fedoraproject/fedora 24
gnome/eye_of_gnome 3.16.5
gnome/eye_of_gnome 3.17.1
gnome/eye_of_gnome 3.17.2
gnome/eye_of_gnome 3.17.3
gnome/eye_of_gnome 3.17.90
... and 18 more
Published Sep 07, 2016
Tracked Since Feb 18, 2026