CVE-2016-5824: Use After Free in Project Libical

CWE-416: Use After Free | 13 documents | 8 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.4% (top 36.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 27
Latest update: May 14

Description

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (6 packages)

Debian: mozilla/thunderbird < 1:60.5.0-1+3
Ubuntu: mozilla/thunderbird < 1:60.5.1+build2-0ubuntu0.14.04.1+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-w3h4-vpfj-x3xq: libical 1 (2022-05-14)
OSV: thunderbird vulnerabilities (2019-02-26)
OSV: CVE-2016-5824: libical 1 (2017-01-27)
CVEList: CVE-2016-5824: libical 1 (2017-01-27)

📋 Vendor Advisories (3)

Ubuntu: Thunderbird vulnerabilities (2019-02-26)
Red Hat: libical: Multiple use-after-free vulnerabilities (2016-05-24)
Debian: CVE-2016-5824: thunderbird - libical 1.0 allows remote attackers to cause a denial of service (use-after-free... (2016)

💬 Community (5)

Bugzilla: CVE-2016-5824 CVE-2016-9584 thunderbird: various flaws [fedora-all] (2016-09-12)
Bugzilla: CVE-2016-5824 CVE-2016-9584 libical: various flaws [fedora-all] (2016-09-12)
Bugzilla: CVE-2016-5824 libical: Multiple use-after-free vulnerabilities (2016-09-12)
Bugzilla: CVE-2016-5824 CVE-2016-9584 libical: various flaws [epel-5] (2016-09-12)
Bugzilla: Handful use-after-free crashes in libical (used in Thunderbird) (2016-05-25)
CVE-2016-5824 — Use After Free in Project Libical | cvebase