Vulnerability Details : CVE-2016-9085
Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.
Vulnerability category: Overflow
Products affected by CVE-2016-9085
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9085
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~27% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-9085
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2016-9085
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9085
- https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
  e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 - webm/libwebp - Git at Google [Issue Tracking; Patch; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTR2ZW67TMT7KC24RBENIF25KWUJ7VPD/
  [SECURITY] Fedora 24 Update: libwebp-0.5.1-2.fc24 - package-announce - Fedora Mailing-Lists [Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SH6X3MWD5AHZC5JT4625PGFHAYLR7YW7/
  [SECURITY] Fedora 25 Update: libwebp-0.5.1-2.fc25 - package-announce - Fedora Mailing-Lists [Third Party Advisory]
- http://www.securityfocus.com/bid/93928
  Libwebp 'gif2webp.c' Multiple Integer Overflow Vulnerabilities [Third Party Advisory; VDB Entry]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ/
  [SECURITY] Fedora 24 Update: mingw-libwebp-0.5.1-2.fc24 - package-announce - Fedora Mailing-Lists [Third Party Advisory]
- https://security.gentoo.org/glsa/201701-61
  WebP: Multiple vulnerabilities (GLSA 201701-61) — Gentoo security [Third Party Advisory; VDB Entry]
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
  [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar - Pony Mail
- https://bugzilla.redhat.com/show_bug.cgi?id=1389338
  1389338 – (CVE-2016-9085) CVE-2016-9085 libwebp: Several integer overflows [Issue Tracking; Patch; Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2016/10/27/3
  oss-security - Re: CVE requests: some issues in gif2webp [Mailing List; Patch; Third Party Advisory]