CVE-2016-6855

Published: Sep 7, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.

Affected (28)

Products: Fedoraproject: Fedora · Opensuse: Leap, Opensuse · Canonical: Ubuntu Linux · +1 more

Show all products

Fedoraproject: Fedora · Opensuse: Leap, Opensuse · Canonical: Ubuntu Linux · Gnome: Eye Of Gnome

1 product

2 products

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 23
Fedoraproject Fedora	Version 24

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1
Opensuse Opensuse	Version 13.2

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Configuration D

21 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Gnome Eye Of Gnome	Version 3.16.5
Gnome Eye Of Gnome	Version 3.17.1
Gnome Eye Of Gnome	Version 3.17.2
Gnome Eye Of Gnome	Version 3.17.3
Gnome Eye Of Gnome	Version 3.17.90
Gnome Eye Of Gnome	Version 3.17.91
Gnome Eye Of Gnome	Version 3.17.92
Gnome Eye Of Gnome	Version 3.18.0
Gnome Eye Of Gnome	Version 3.18.1
Gnome Eye Of Gnome	Version 3.18.2
Gnome Eye Of Gnome	Version 3.19.1
Gnome Eye Of Gnome	Version 3.19.2
Gnome Eye Of Gnome	Version 3.19.3
Gnome Eye Of Gnome	Version 3.19.4
Gnome Eye Of Gnome	Version 3.19.90
Gnome Eye Of Gnome	Version 3.19.91
Gnome Eye Of Gnome	Version 3.19.92
Gnome Eye Of Gnome	Version 3.20.0
Gnome Eye Of Gnome	Version 3.20.1
Gnome Eye Of Gnome	Version 3.20.2
Gnome Eye Of Gnome	Version 3.20.3

Running on/with	Platform Versions
Gnome Glib	Version 2.44.0

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (26)

http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/92616

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3069-1

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=770143

Source: cve@mitre.org

Issue Tracking

https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4

Source: cve@mitre.org

Issue TrackingPatch

https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5

Source: cve@mitre.org

Release Notes

https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3

Source: cve@mitre.org

Release Notes

https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4

Source: cve@mitre.org

Release Notes

https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/

Source: cve@mitre.org

https://www.exploit-db.com/exploits/40291/

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/92616

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-3069-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=770143

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/40291/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.