CVE-2016-9427

NameCVE-2016-9427
DescriptionInteger overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2966-1, DLA-721-1
Debian Bugs844771

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libgc (PTS)bullseye1:8.0.4-3fixed
bookworm1:8.2.2-3fixed
sid, trixie1:8.2.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libgcsourceexperimental1:7.4.4-1
libgcsourcewheezy1:7.1-9.1+deb7u1DLA-721-1
libgcsourcestretch1:7.4.2-8+deb9u1DLA-2966-1
libgcsource(unstable)1:7.6.4-0.3844771

Notes

[jessie] - libgc <no-dsa> (Minor issue)
https://github.com/ivmai/bdwgc/issues/135
Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
Search for package or bug name: Reporting problems