Vulnerability Details : CVE-2014-5116
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2014-5116
- cpe:2.3:a:cairographics:cairo:1.10.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-5116
2.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-5116
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2014-5116
-
http://www.exploit-db.com/exploits/33384
Wireshark 1.10.7 - Denial of Service (PoC) - Windows dos ExploitExploit
-
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9761
9761 – Null pointer dereference in Cairo if 50,000 characters pasted into the filter input box
Jump to