CVE-2016-6855

NameCVE-2016-6855
DescriptionEye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2185-1, DLA-605-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
eog (PTS)bullseye3.38.2-1fixed
bookworm43.2-1fixed
trixie, sid47.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eogsourcewheezy3.4.2-1+build1+deb7u1DLA-605-1
eogsourcejessie3.14.1-1+deb8u1DLA-2185-1
eogsource(unstable)3.20.4-1

Notes

https://bugzilla.gnome.org/show_bug.cgi?id=770143
https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4

Search for package or bug name: Reporting problems