ID CVE-2016-9085
Summary Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:libwebp_project:libwebp
  • Fedora 24
    cpe:2.3:o:fedoraproject:fedora:24
  • Fedora 25
    cpe:2.3:o:fedoraproject:fedora:25
CVSS
Base: 7.5 (as of 06-02-2017 - 13:05)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-00D2F5C19F.NASL
    description This update backports an upstream patch to fix multiple integer overflows (CVE-2016-9085). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 94745
    published 2016-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94745
    title Fedora 24 : mingw-libwebp (2016-00d2f5c19f)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-61.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-61 (WebP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in WebP’s gif2webp tool. Please review the CVE identifier and bug reference for details. Impact : A remote attacker, by enticing a user to process a specially crafted file using WebP’s gif2webp tool, could possibly cause a Denial of Service condition or other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-02-13
    plugin id 96747
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96747
    title GLSA-201701-61 : WebP: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-160EC6525E.NASL
    description This update backports an upstream patch to fix multiple integer overflows (CVE-2016-9085). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 94523
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94523
    title Fedora 24 : libwebp (2016-160ec6525e)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-26EF59F03D.NASL
    description This update backports an upstream patch to fix multiple integer overflows (CVE-2016-9085). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 94992
    published 2016-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94992
    title Fedora 25 : libwebp (2016-26ef59f03d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-301724F38E.NASL
    description This update backports an upstream patch to fix multiple integer overflows (CVE-2016-9085). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 94995
    published 2016-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94995
    title Fedora 25 : mingw-libwebp (2016-301724f38e)
refmap via4
bid 93928
confirm
fedora
  • FEDORA-2016-00d2f5c19f
  • FEDORA-2016-160ec6525e
  • FEDORA-2016-26ef59f03d
gentoo GLSA-201701-61
mlist [oss-security] 20161027 Re: CVE requests: some issues in gif2webp
Last major update 07-02-2017 - 17:42
Published 03-02-2017 - 10:59