CVE-2016-9888
MEDIUM5.5EPSS 0.30%libgsf - security update
發布日:2016/12/8修改日:2025/11/19
也稱為:ALPINE-CVE-2016-9888DEBIAN-CVE-2016-9888
描述
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
受影響套件(4)
- Alpine/libgsffrom 0, < 1.14.41-r0
- Debian/libgsffrom 0, < 1.14.41-1
- Debian/libgsffrom 0, < 1.14.30-2+deb8u1
- Debian/libgsffrom 0, < 1.14.21-2.1+deb7u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |