CVE-2016-3994

CWE-119 Buffer Overflow | 11 documents | 7 sources

Severity: 8.2 HIGH
EPSS: 1.0% (top 23.09%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 13
Latest update: May 17

Description

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Exploitability: 3.9 | Impact: 4.2

Affected Packages (3 packages)

Debian: imlib2 < 1.4.8-1+3
Ubuntu: imlib2 < 1.4.6-2ubuntu0.1+1

Also affects: Debian Linux 7.0, 8.0

Patches

Vulnerability Details (4)

GHSA: GHSA-cmcr-325m-79m9: The GIF loader in imlib2 before 1 (2022-05-17)
OSV: imlib2 vulnerabilities (2016-09-09)
CVEList: CVE-2016-3994: The GIF loader in imlib2 before 1 (2016-05-13)
OSV: CVE-2016-3994: The GIF loader in imlib2 before 1 (2016-05-13)

Vendor Advisories (2)

Ubuntu: Imlib2 vulnerabilities (2016-09-09)
Debian: CVE-2016-3994: imlib2 - The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial ... (2016)

Community (4)

Bugzilla: CVE-2016-3994 imlib2: out of bound read in GIF loader [epel-6] (2016-04-01)
Bugzilla: CVE-2016-3994 imlib2: out of bound read in GIF loader [epel-7] (2016-04-01)
Bugzilla: CVE-2016-3994 imlib2: out of bound read in GIF loader [fedora-all] (2016-04-01)
Bugzilla: CVE-2016-3994 imlib2: out of bound read in GIF loader (2016-04-01)