header-logo
Suggest Exploit
vendor:
Eye of Gnome
by:
Kaslov Dmitri
7,5
CVSS
HIGH
Out-of-bounds-write
125
CWE
Product Name: Eye of Gnome
Affected Version From: 3.10.2
Affected Version To: 2.44.1
Patch Exists: YES
Related CWE: CVE-2016-6855
CPE: a:gnome:eye_of_gnome
Metasploit: https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2016-6855/https://www.rapid7.com/db/vulnerabilities/suse-cve-2016-6855/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2016-6855/https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2016-6855/https://www.rapid7.com/db/vulnerabilities/debian-cve-2016-6855/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2016-6855/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 14.04 LTS
2016

Gnome Eye of Gnome Out-of-bounds-write

GMarkup requires valid UTF8 input strings and would cause odd looking messages if given invalid input. This could also trigger an out-of-bounds write in glib before 2.44.1.

Mitigation:

Upgrade to glib version 2.44.1 or later
Source

Exploit-DB raw data:

# Exploit Title: Gnome Eye of Gnome Out-of-bounds-write
# Exploit Author: Kaslov Dmitri
# Vendor Homepage: https://wiki.gnome.org/Apps/EyeOfGnome
# Version: 3.10.2
# Tested on: Ubuntu 14.04 LTS
# CVE: CVE-2016-6855

Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40291.zip


Reported: 19-August-2016
Fixed: 21-Agugst-2016 (fix will go into next software release)

GMarkup requires valid UTF8 input strings and would cause odd
looking messages if given invalid input. This could also trigger an
out-of-bounds write in glib before 2.44.1

Navigation

Suggest Exploit

Services By CQR