2017-01-05
ALT-BU-2017-2858-2
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2016-09-27
Modified: 2025-04-12
CVE-2016-7044
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.debian.org/security/2016/dsa-3672
- http://www.securitytracker.com/id/1036868
- http://www.ubuntu.com/usn/USN-3086-1
- https://irssi.org/security/irssi_sa_2016.txt
Published: 2016-09-27
Modified: 2025-04-12
CVE-2016-7045
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.debian.org/security/2016/dsa-3672
- http://www.securitytracker.com/id/1036868
- http://www.ubuntu.com/usn/USN-3086-1
- https://irssi.org/security/irssi_sa_2016.txt
