CVE-2016-5824
published 2017-01-27
CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
Medium 5.5 (CVSS 3.0)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | thunderbird | < thunderbird 1:60.5.0-1 (bookworm) | thunderbird 1:60.5.0-1 (bookworm) |
| libical_project | libical | — | — |
| mozilla | thunderbird | >= 0 < 1:60.5.0-1 | 1:60.5.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.5.0-1 | 1:60.5.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.5.0-1 | 1:60.5.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.5.0-1 | 1:60.5.0-1 |
| mozilla | thunderbird | >= 0 < 1:60.5.1+build2-0ubuntu0.14.04.1 | 1:60.5.1+build2-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:60.5.1+build2-0ubuntu0.16.04.1 | 1:60.5.1+build2-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= 0 < 1:60.5.1+build2-0ubuntu0.18.04.1 | 1:60.5.1+build2-0ubuntu0.18.04.1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd · v3.0 · 5.5 MEDIUM · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv · 5.5 MEDIUM
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2019-02-26·CVSS 5.5
CVE-2016-5824 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
A use-after-free was discovered in libical. If a user were tricked into
opening a specially crafted ICS calendar file, an attacker could
potentially exploit this to cause a denial of service. (CVE-2016-5824)
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785)
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
g
Red Hat
libical: Multiple use-after-free vulnerabilities
vendor_redhat·2016-05-24·CVSS 5.5
CVE-2016-5824 [MEDIUM] CWE-416 libical: Multiple use-after-free vulnerabilities
libical: Multiple use-after-free vulnerabilities
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
Package: thunderbird (Red Hat Enterprise Linux 5) - Will not fix
Package: libical (Red Hat Enterprise Linux 6) - Not affected
Package: libical (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2016-5824: thunderbird - libical 1.0 allows remote attackers to cause a denial of service (use-after-free...
vendor_debian·2016·CVSS 5.5
CVE-2016-5824 [MEDIUM] CVE-2016-5824: thunderbird - libical 1.0 allows remote attackers to cause a denial of service (use-after-free...
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
Scope: local
bookworm: resolved (fixed in 1:60.5.0-1)
bullseye: resolved (fixed in 1:60.5.0-1)
forky: resolved (fixed in 1:60.5.0-1)
sid: resolved (fixed in 1:60.5.0-1)
trixie: resolved (fixed in 1:60.5.0-1)
VulDB
libical 1.0 ICS File use after free (RHSA-2019:0269 / Nessus ID 100479)
vuldb·2026-05-15·CVSS 5.5
CVE-2016-5824 [MEDIUM] libical 1.0 ICS File use after free (RHSA-2019:0269 / Nessus ID 100479)
A vulnerability was found in libical 1.0 and classified as problematic. This issue affects some unknown processing of the component ICS File Handler. Executing a manipulation can lead to use after free.
This vulnerability is registered as CVE-2016-5824. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
GHSA
GHSA-w3h4-vpfj-x3xq: libical 1
ghsa_unreviewed·2022-05-14
CVE-2016-5824 [MEDIUM] CWE-416 GHSA-w3h4-vpfj-x3xq: libical 1
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
OSV
thunderbird vulnerabilities
osv·2019-02-26·CVSS 5.5
CVE-2016-5824 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
A use-after-free was discovered in libical. If a user were tricked into
opening a specially crafted ICS calendar file, an attacker could
potentially exploit this to cause a denial of service. (CVE-2016-5824)
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, or execute
arbitrary code. (CVE-2018-18356, CVE-2018-18500, CVE-2019-5785)
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
gain additional privileges by escaping the sandbox, or execute arbitr
OSV
CVE-2016-5824: libical 1
osv·2017-01-27·CVSS 5.5
CVE-2016-5824 [MEDIUM] CVE-2016-5824: libical 1
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-5824 CVE-2016-9584 thunderbird: various flaws [fedora-all]
bugzilla·2016-09-12·CVSS 5.5
CVE-2016-5824 [MEDIUM] CVE-2016-5824 CVE-2016-9584 thunderbird: various flaws [fedora-all]
CVE-2016-5824 CVE-2016-9584 thunderbird: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
Bugzilla
CVE-2016-5824 CVE-2016-9584 libical: various flaws [fedora-all]
bugzilla·2016-09-12·CVSS 5.5
CVE-2016-5824 [MEDIUM] CVE-2016-5824 CVE-2016-9584 libical: various flaws [fedora-all]
CVE-2016-5824 CVE-2016-9584 libical: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While
Bugzilla
CVE-2016-5824 libical: Multiple use-after-free vulnerabilities
bugzilla·2016-09-12·CVSS 5.5
CVE-2016-5824 [MEDIUM] CVE-2016-5824 libical: Multiple use-after-free vulnerabilities
CVE-2016-5824 libical: Multiple use-after-free vulnerabilities
Multiple use-after-free vulnerabilities, possibly having the same root cause, were found in libical.
Upstream bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
CVE assignment:
http://seclists.org/oss-sec/2016/q2/604
Discussion:
Created thunderbird tracking bugs for this issue:
Affects: fedora-all [bug 1375122]
---
Created libical tracking bugs for this issue:
Affects: fedora-all [bug 1375121]
Affects: epel-5 [bug 1375123]
---
External References:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0269
---
This issue has been addressed in the fo
Bugzilla
CVE-2016-5824 CVE-2016-9584 libical: various flaws [epel-5]
bugzilla·2016-09-12·CVSS 5.5
CVE-2016-5824 [MEDIUM] CVE-2016-5824 CVE-2016-9584 libical: various flaws [epel-5]
CVE-2016-5824 CVE-2016-9584 libical: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Discussion:
Use t
Bugzilla
Handful use-after-free crashes in libical (used in Thunderbird)
bugzilla·2016-05-25
[MEDIUM] Handful use-after-free crashes in libical (used in Thunderbird)
Handful use-after-free crashes in libical (used in Thunderbird)
Created attachment 8756033
Handful of use-after-free crashes in libical
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Steps to reproduce:
Hello,
After fuzzing libical for a bit (tested against 1.0, 1.0.1 from http://www.citadel.org/doku.php/documentation:featured_projects:libical and from libical git master), I have a small handful of use-after-free crashes, but they are likely the same root cause. These might fall under the bug bounty, they might not. Thunderbird does use libical for parsing, however. Let me know if this is an improper place to submit this bug report.
http://mxr.mozilla.org/comm-central/search?string=icalcomponent_as_ical
References
http://www.openwall.com/lists/oss-security/2016/06/25/4
http://www.openwall.com/lists/oss-security/2017/01/20/16
http://www.securityfocus.com/bid/91459
https://access.redhat.com/errata/RHSA-2019:0269
https://access.redhat.com/errata/RHSA-2019:0270
https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
https://github.com/libical/libical/issues/235
https://github.com/libical/libical/issues/251
https://github.com/libical/libical/issues/286
https://security.gentoo.org/glsa/201904-02
https://security.gentoo.org/glsa/201904-07
https://usn.ubuntu.com/3897-1/
2017-01-27
Published