CVE-2016-6855
First published: Wed Sep 07 2016(Updated: )
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedora | =23 | |
| Fedora | =24 | |
| SUSE openSUSE | =42.1 | |
| openSUSE libeconf | =13.2 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Eye of GNOME | =3.16.5 | |
| Eye of GNOME | =3.17.1 | |
| Eye of GNOME | =3.17.2 | |
| Eye of GNOME | =3.17.3 | |
| Eye of GNOME | =3.17.90 | |
| Eye of GNOME | =3.17.91 | |
| Eye of GNOME | =3.17.92 | |
| Eye of GNOME | =3.18.0 | |
| Eye of GNOME | =3.18.1 | |
| Eye of GNOME | =3.18.2 | |
| Eye of GNOME | =3.19.1 | |
| Eye of GNOME | =3.19.2 | |
| Eye of GNOME | =3.19.3 | |
| Eye of GNOME | =3.19.4 | |
| Eye of GNOME | =3.19.90 | |
| Eye of GNOME | =3.19.91 | |
| Eye of GNOME | =3.19.92 | |
| Eye of GNOME | =3.20.0 | |
| Eye of GNOME | =3.20.1 | |
| Eye of GNOME | =3.20.2 | |
| Eye of GNOME | =3.20.3 | |
| GNOME libraries | =2.44.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00021.html
- http://packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.html
- http://www.securityfocus.com/bid/92616
- http://www.ubuntu.com/usn/USN-3069-1
- https://bugzilla.gnome.org/show_bug.cgi?id=770143
- https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
- https://git.gnome.org/browse/eog/plain/NEWS?h=3.16.5
- https://git.gnome.org/browse/eog/plain/NEWS?h=3.18.3
- https://git.gnome.org/browse/eog/plain/NEWS?h=3.20.4
- https://lists.debian.org/debian-lts-announce/2020/04/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/
- https://www.exploit-db.com/exploits/40291/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/
Frequently Asked Questions
What is the severity of CVE-2016-6855?
CVE-2016-6855 has a severity rating that classifies it as a denial of service vulnerability.
How do I fix CVE-2016-6855?
To fix CVE-2016-6855, upgrade to Eye of GNOME version 3.18.3, 3.20.4, or later, and ensure GLib is updated to version 2.44.1 or newer.
Which versions of Eye of GNOME are affected by CVE-2016-6855?
Affected versions of Eye of GNOME include 3.16.5, all 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4.
Which systems are impacted by CVE-2016-6855?
CVE-2016-6855 impacts systems running Eye of GNOME on Fedora, openSUSE, and Ubuntu such as Fedora 23 and 24, openSUSE Leap 42.1, and Ubuntu LTS releases from 12.04 to 16.04.
What kind of vulnerability is CVE-2016-6855?
CVE-2016-6855 is an out-of-bounds write vulnerability that can lead to a crash when invalid UTF-8 data is processed.
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/fedoraproject
- canonical/fedora
- version/fedora/23
- version/fedora/24
- vendor/opensuse
- canonical/suse opensuse
- version/suse opensuse/42.1
- canonical/opensuse libeconf
- version/opensuse libeconf/13.2
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- vendor/gnome
- canonical/eye of gnome
- version/eye of gnome/3.16.5
- version/eye of gnome/3.17.1
- version/eye of gnome/3.17.2
- version/eye of gnome/3.17.3
- version/eye of gnome/3.17.90
- version/eye of gnome/3.17.91
- version/eye of gnome/3.17.92
- version/eye of gnome/3.18.0
- version/eye of gnome/3.18.1
- version/eye of gnome/3.18.2
- version/eye of gnome/3.19.1
- version/eye of gnome/3.19.2
- version/eye of gnome/3.19.3
- version/eye of gnome/3.19.4
- version/eye of gnome/3.19.90
- version/eye of gnome/3.19.91
- version/eye of gnome/3.19.92
- version/eye of gnome/3.20.0
- version/eye of gnome/3.20.1
- version/eye of gnome/3.20.2
- version/eye of gnome/3.20.3
- canonical/gnome libraries
- version/gnome libraries/2.44.0