ALT-PU-2016-1871-1

CVE-2016-6855

HIGH7.5

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Опубликовано: 2016-09-07Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html
http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html
http://www.securityfocus.com/bid/92616
http://www.ubuntu.com/usn/USN-3069-1
https://bugzilla.gnome.org/show_bug.cgi?id=770143
https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5
https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3
https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4
https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/
https://www.exploit-db.com/exploits/40291/
http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html
http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html
http://www.securityfocus.com/bid/92616
http://www.ubuntu.com/usn/USN-3069-1
https://bugzilla.gnome.org/show_bug.cgi?id=770143
https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5
https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3
https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4
https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/
https://www.exploit-db.com/exploits/40291/

Обновление пакета eog в ветке p8

Закрытые проблемы (1)

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.