Off-by-One Error in imlib2 Affects Remote Functionality
CVE-2016-3993

7.5HIGH

Key Information:

Vendor

Enlightenment

Status
Imlib2
Vendor
CVE Published:
13 May 2016

What is CVE-2016-3993?

An off-by-one error in the __imlib_MergeUpdate function within lib/updates.c of imlib2 versions prior to 1.4.9 allows remote attackers to exploit crafted coordinates, potentially leading to a denial of service. This can result in out-of-bounds reads and application crashes, posing significant security risks.

References

https://git.enlightenment.org/legacy/imlib2.git/commit/?i...
x_refsource_CONFIRM
https://sourceforge.net/p/enlightenment/mailman/message/3...
mailing-listx_refsource_MLIST
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.