Security Vulnerabilities, CVEs, Published In 2016 (Memory corruption) CVSS score >= 5
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
Max CVSS
7.0
EPSS Score
0.04%
Published
2016-12-30
Updated
2023-06-07
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-12-23
Updated
2020-12-14
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
Max CVSS
5.5
EPSS Score
0.17%
Published
2016-12-08
Updated
2016-12-15
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-12-28
Updated
2023-01-17
In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.
Max CVSS
5.3
EPSS Score
0.37%
Published
2016-12-03
Updated
2019-05-30
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-12-28
Updated
2023-01-17
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
Max CVSS
7.8
EPSS Score
0.05%
Published
2016-12-28
Updated
2023-01-17
The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-12-28
Updated
2018-08-13
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
Max CVSS
7.8
EPSS Score
0.47%
Published
2016-12-22
Updated
2023-02-10
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2016-12-12
Updated
2023-12-29
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-12-28
Updated
2023-02-12
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
Max CVSS
9.8
EPSS Score
2.23%
Published
2016-11-22
Updated
2018-01-05
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.84%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.71%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.84%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.84%
Published
2016-12-12
Updated
2023-12-29
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.84%
Published
2016-12-12
Updated
2023-12-29