CVE-2016-6855
Published: 23 August 2016
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allows remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
Priority
Status
Package | Release | Status |
---|---|---|
eog (Launchpad, Ubuntu, Debian) | precise | Released (3.4.2-0ubuntu1.3) |
eog | trusty | Released (3.10.2-0ubuntu5.2) |
eog | upstream | Released (3.20.4-1) |
eog | xenial | Released (3.18.2-1ubuntu2.1) |

Patches: upstream: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |