Null Pointer Dereference Vulnerability in GNOME Structured File Library
CVE-2016-9888

5.5MEDIUM

Key Information:

Vendor

Gnome
Status
Libgsf
Vendor
CVE Published:
8 December 2016

What is CVE-2016-9888?

A vulnerability exists within the 'tar_directory_for_file()' function in the GNOME Structured File Library prior to version 1.14.41. This flaw allows an attacker to craft a malicious TAR file that, when processed, triggers a Null pointer dereference, potentially leading to application crashes. Users of affected versions should update their libraries to mitigate the risks associated with this vulnerability.

References

https://secunia.com/advisories/71201/
x_refsource_MISC
https://secunia.com/secunia_research/2016-17/
x_refsource_MISC
http://www.securityfocus.com/bid/94860
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.