CVE-2016-20040

NameCVE-2016-20040
DescriptionTiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tiemu (PTS)bullseye3.04~git20110801-nogdb+dfsg1-2undetermined
bookworm3.04~git20220826.cda2db4+dfsg-2undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tiemusource(unstable)undetermined

Notes

https://www.exploit-db.com/exploits/39692
Search for package or bug name: Reporting problems