CVE-2016-9841

22 documents10 sources

Severity

9.8CRITICAL

EPSS

13.5%

top 5.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +20 more

Timeline

PublishedMay 23

Latest updateMay 23

Description

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages25 packages

▶NVDzlib/zlib1.2.0 — 1.2.9

▶Debianzlib< 1:1.2.8.dfsg-4+3

▶Ubuntuzlib< 1:1.2.8.dfsg-2ubuntu4.3

▶NVDapple/tvos< 11.0

▶NVDapple/watchos< 4

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, Enterprise Linux 7.4, 7.5

🔴Vulnerability Details

OSV

klibc vulnerabilities↗2024-05-23

▶

OSV

klibc vulnerabilities↗2024-04-16

▶

GHSA

GHSA-5f8r-846v-423w: inffast↗2022-05-13

▶

OSV

rsync vulnerabilities↗2020-02-25

▶

OSV

zlib vulnerabilities↗2020-01-22

▶

📋Vendor Advisories

Ubuntu

klibc vulnerabilities↗2024-05-23

▶

Ubuntu

klibc vulnerabilities↗2024-04-16

▶

Ubuntu

rsync vulnerabilities↗2020-02-25

▶

Ubuntu

zlib vulnerabilities↗2020-01-22

▶

Apple

CVE-2016-9841: macOS High Sierra 10.13↗2017-09-25

▶

💬Community

Bugzilla

CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.c↗2016-12-07

▶

Bugzilla

CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 zlib: various flaws [fedora-all]↗2016-12-07

▶

Bugzilla

CVE-2014-9841 ImageMagick: throwing of exceptions in psd handling↗2016-06-07

▶