CVE-2016-8714
published 2017-03-10CVE-2016-8714: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script…
PriorityP343high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
2.40%
82.0th percentile
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | r-base | < r-base 3.3.3-1 (bookworm) | r-base 3.3.3-1 (bookworm) |
| r_project | r | — | — |
| r_project | r | — | — |
| the_r_project | r | — | — |
| the_r_project | r | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-468j-7q62-ffj2: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3
ghsa_unreviewed·2022-05-13
CVE-2016-8714 [HIGH] CWE-119 GHSA-468j-7q62-ffj2: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
OSV
CVE-2016-8714: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3
osv·2017-03-10·CVSS 8.8
CVE-2016-8714 [HIGH] CVE-2016-8714: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
Ubuntu
R vulnerability
vendor_ubuntu·2021-03-15
CVE-2016-8714 R vulnerability
Title: R vulnerability
Summary: R could be made to crash if it received specially crafted
input.
It was discovered that a buffer overflow in R causes memory corruption. An
attacker could possibly use this to cause a denial of service or execute
arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2016-8714: r-base - An exploitable buffer overflow vulnerability exists in the LoadEncoding function...
vendor_debian·2016·CVSS 8.8
CVE-2016-8714 [HIGH] CVE-2016-8714: r-base - An exploitable buffer overflow vulnerability exists in the LoadEncoding function...
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 3.3.3-1)
bullseye: resolved (fixed in 3.3.3-1)
forky: resolved (fixed in 3.3.3-1)
sid: resolved (fixed in 3.3.3-1)
trixie: resolved (fixed in 3.3.3-1)
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: R - PDF LoadEncoding Code Execution Vulnerability
blogs_talos·2017-03-09·CVSS 8.8
CVE-2016-8714 [HIGH] Vulnerability Spotlight: R - PDF LoadEncoding Code Execution Vulnerability
Vulnerability Discovered by Cory Duplantis of Cisco Talos
### Overview Talos is disclosing TALOS-2016-0227 / CVE-2016-8714 which is a buffer overflow vulnerability in the LoadEncoding functionality of the R programming language version 3.3.0. TheR programming languageis commonly used in statistical computing and is supported by the R Foundation for Statistical Computing. R is praised for having a large variety of statistical and graphical features. The vulnerability is specifically related to the creation of a PDF document.
### Details This vulnerability specifically affects the PDF creation capabilities of R. During the creation of a PDF document, the file containing the encoding array can be specified by the user. The following command can specify the encoding file for a PDF.
While lo
Bugzilla
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality
bugzilla·2017-03-10·CVSS 8.8
CVE-2016-8714 [HIGH] CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
External References:
http://www.talosintelligence.com/reports/TALOS-2016-0227/
Discussion:
Created R tracking bugs for this issue:
Affects: epel-all [bug 1431174]
Affects: fedora-all [bug 1431173]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [epel-all]
bugzilla·2017-03-10·CVSS 8.8
CVE-2016-8714 [HIGH] CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [epel-all]
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions o
Bugzilla
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [fedora-all]
bugzilla·2017-03-10·CVSS 8.8
CVE-2016-8714 [HIGH] CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [fedora-all]
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versio
2017-03-10
Published