Off-by-One Error in imlib2 Affects Remote Functionality
CVE-2016-3993

7.5HIGH

Key Information:

Vendor: Enlightenment
Status: Imlib2
Vendor: CVE Published:; 13 May 2016

Summary

An off-by-one error in the __imlib_MergeUpdate function within lib/updates.c of imlib2 versions prior to 1.4.9 allows remote attackers to exploit crafted coordinates, potentially leading to a denial of service. This can result in out-of-bounds reads and application crashes, posing significant security risks.

References

https://git.enlightenment.org/legacy/imlib2.git/commit/?i...

x_refsource_CONFIRM

https://sourceforge.net/p/enlightenment/mailman/message/3...

mailing-listx_refsource_MLIST

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 13, 2016
Vulnerability Reserved
Apr 10, 2016

.

CVE-2016-3993 : Off-by-One Error in imlib2 Affects Remote Functionality | SecurityVulnerability.io