CVE-2016-3993

Published: 13 May 2016

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
imlib2 Launchpad, Ubuntu, Debian	precise	Released (1.4.4-1ubuntu0.1)
	trusty	Released (1.4.6-2ubuntu0.1)
	upstream	Released (1.4.8-1)
	wily	Ignored (reached end-of-life)
	xenial	Released (1.4.7-1ubuntu0.1)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993
http://www.openwall.com/lists/oss-security/2016/04/09/5
https://ubuntu.com/security/notices/USN-3075-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›