CVE-2016-6855

NameCVE-2016-6855
DescriptionEye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-605-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
eog (PTS)jessie3.14.1-1vulnerable
stretch3.20.5-1fixed
buster, sid3.28.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eogsource(unstable)3.20.4-1medium
eogsourcewheezy3.4.2-1+build1+deb7u1mediumDLA-605-1

Notes

[jessie] - eog <no-dsa> (Minor issue)
https://bugzilla.gnome.org/show_bug.cgi?id=770143
https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4

Search for package or bug name: Reporting problems