CVE-2016-9427

Priority
Medium
Description
An integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers
to cause a denial of service in clients of bdwgc (heap buffer overflow crash)
and possibly execute arbitrary code via a huge allocation.
Package
Source: libgc (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): released (1:7.2d-5ubuntu2.1)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1:7.4.2-7.3ubuntu0.1)
Ubuntu 17.04 (Zesty Zapus): released (1:7.4.2-8ubuntu1)
Patches:
Upstream: https://github.com/ivmai/bdwgc/commit/0b6818708f7644db5c7bd0cc80e7adaa5a889257 (7.4 branch)
Upstream: https://github.com/ivmai/bdwgc/commit/1f3c938e5482e3770df2163ab03ed760fd12155a (7.4 branch)
Upstream: https://github.com/ivmai/bdwgc/commit/41a9ed4cc88c0ed92403e1bd720c68d26c632352 (7.4 branch)
Upstream: https://github.com/ivmai/bdwgc/commit/e273661227b4684265c09e04f75db81f7c5e697e (testcases)
Upstream: https://github.com/ivmai/bdwgc/commit/2ea6d85adc5fe07d7e9c5d35f2e5886857338681 (7.2 branch)
Upstream: https://github.com/ivmai/bdwgc/commit/949a7533d47e0ce0976e2d7aa3daa3bf9f31cabd (7.2 branch)
Upstream: https://github.com/ivmai/bdwgc/commit/a230ee8b21111b88749a97e6801048db1859a0fc (7.2 branch)

Updated: 2017-08-11 23:55:28 UTC (commit 13081)