CVE-2016-9840

CWE-125Out-of-bounds Read22 documents10 sources
Severity
8.8HIGH
EPSS
13.0%
top 5.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Apple Iphone OSApple MAC OS XApple Tvos+17 more
Timeline
PublishedMay 23
Latest updateMay 23

Description

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages22 packages

NVDzlib/zlib1.2.0.61.2.9
Debianzlib< 1:1.2.8.dfsg-3+3
Ubuntuzlib< 1:1.2.8.dfsg-2ubuntu4.3
NVDapple/tvos< 11.0
NVDboost/boost< 1.78.0

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, Enterprise Linux 7.4, 7.5

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

7
OSV
klibc vulnerabilities2024-05-23
OSV
klibc vulnerabilities2024-04-16
GHSA
GHSA-wrj6-35fr-8xw5: inftrees2022-05-13
OSV
rsync vulnerabilities2020-02-25
OSV
zlib vulnerabilities2020-01-22

📋Vendor Advisories

11
Ubuntu
klibc vulnerabilities2024-05-23
Ubuntu
klibc vulnerabilities2024-04-16
Ubuntu
rsync vulnerabilities2020-02-25
Ubuntu
zlib vulnerabilities2020-01-22
Apple
CVE-2016-9840: macOS High Sierra 10.132017-09-25

💬Community

3
Bugzilla
CVE-2016-9840 zlib: Out-of-bound pointer arithmetic in inftrees.c2016-12-07
Bugzilla
CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 zlib: various flaws [fedora-all]2016-12-07
Bugzilla
CVE-2014-9840 ImageMagick: out of bound access in palm file2016-06-07