CVE-2016-4535

Published: May 5, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.

Affected (1)

Products: Mcafee: Livesafe

Mcafee

1 product

Livesafe

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Livesafe	Version 14.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://packetstormsecurity.com/files/136907/McAfee-Relocation-Processing-Memory-Corruption.html

Source: cve@mitre.org

https://bugs.chromium.org/p/project-zero/issues/detail?id=817

Source: cve@mitre.org

https://www.exploit-db.com/exploits/39770/

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/136907/McAfee-Relocation-Processing-Memory-Corruption.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.chromium.org/p/project-zero/issues/detail?id=817

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/39770/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.