CVE-2016-9888

MEDIUM5.5EPSS 0.30%

libgsf - security update

Published: 12/8/2016Modified: 11/19/2025

Also known as:ALPINE-CVE-2016-9888DEBIAN-CVE-2016-9888

Description

An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.

Affected packages (4)

Alpine/libgsffrom 0, < 1.14.41-r0
Debian/libgsffrom 0, < 1.14.41-1
Debian/libgsffrom 0, < 1.14.30-2+deb8u1
Debian/libgsffrom 0, < 1.14.21-2.1+deb7u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-9888
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-9888