CVE-2016-6855

HIGH

Fedora - Out-of-Bounds Write

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6855. PoCs published by Kaslov Dmitri.

AI-analyzed exploit summary The exploit describes an out-of-bounds write vulnerability in Gnome Eye of Gnome (CVE-2016-6855) due to invalid UTF8 input handling in GMarkup, potentially leading to memory corruption. The PoC is referenced as a separate binary file, but the provided text lacks executable code.

Description

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Kaslov Dmitri · textdoslinux

https://www.exploit-db.com/exploits/40291

View Code ZIP pw:eip

The exploit describes an out-of-bounds write vulnerability in Gnome Eye of Gnome (CVE-2016-6855) due to invalid UTF8 input handling in GMarkup, potentially leading to memory corruption. The PoC is referenced as a separate binary file, but the provided text lacks executable code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Gnome Eye of Gnome 3.10.2

No auth needed

Prerequisites: Invalid UTF8 input to GMarkup

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Release Notes x_refsource_confirm

https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4

Issue Tracking, Patch x_refsource_confirm

https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40291/

Release Notes x_refsource_confirm

https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92616

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-3069-1

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html

Issue Tracking x_refsource_confirm

https://bugzilla.gnome.org/show_bug.cgi?id=770143

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/

Release Notes x_refsource_confirm

https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html

Scores

CVSS v3 7.5

EPSS 0.1886

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (28)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

fedoraproject/fedora 23

fedoraproject/fedora 24

gnome/eye_of_gnome 3.16.5

gnome/eye_of_gnome 3.17.1

gnome/eye_of_gnome 3.17.2

gnome/eye_of_gnome 3.17.3

gnome/eye_of_gnome 3.17.90

... and 18 more

Published Sep 07, 2016

Tracked Since Feb 18, 2026