ALT-PU-2016-2417-1
Closed vulnerabilities
Published: 2016-12-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-9888
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- 94860
- 94860
- https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
- https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
- [debian-lts-announce] 20200425 [SECURITY] [DLA 2183-1] libgsf security update
- [debian-lts-announce] 20200425 [SECURITY] [DLA 2183-1] libgsf security update
- https://secunia.com/advisories/71201/
- https://secunia.com/advisories/71201/
- https://secunia.com/secunia_research/2016-17/
- https://secunia.com/secunia_research/2016-17/