CVE-2016-9427

NameCVE-2016-9427
DescriptionInteger overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-721-1
NVD severityhigh (attack range: remote)
Debian Bugs844771

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libgc (PTS)wheezy1:7.1-9.1vulnerable
wheezy (security)1:7.1-9.1+deb7u1fixed
jessie1:7.2d-6.4vulnerable
buster, sid, stretch1:7.4.2-8vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libgcsource(unstable)(unfixed)high844771
libgcsourceexperimental1:7.4.4-1high
libgcsourcewheezy1:7.1-9.1+deb7u1highDLA-721-1

Notes

[stretch] - libgc <no-dsa> (Minor issue)
[jessie] - libgc <no-dsa> (Minor issue)
https://github.com/ivmai/bdwgc/issues/135
Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7

Search for package or bug name: Reporting problems