CVE-2016-6855
published 2016-09-07

Priority: P3 · 53 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 18.86% (96.9th percentile)

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Affected

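33 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | eog | < eog 3.20.4-1 (bookworm) | eog 3.20.4-1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| gnome | eog | >= 0 < 3.20.4-1 | 3.20.4-1 |
| gnome | eog | >= 0 < 3.20.4-1 | 3.20.4-1 |
| gnome | eog | >= 0 < 3.20.4-1 | 3.20.4-1 |
| gnome | eog | >= 0 < 3.20.4-1 | 3.20.4-1 |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |
| gnome | eye_of_gnome | | |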

CVSS provenance

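| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |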