Vulnerability CVE-2016-5825

Vulnerability Name:

CVE-2016-5825 (CCN-114633)

Assigned:

2016-06-25

Published:

2016-06-25

Updated:

2019-03-04

Summary:

The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2016-5825

Source: CCN
Type: Libical Web site
Libical

Source: CCN
Type: oss-sec Mailing List, Sat, 25 Jun 2016 08:54:42 -0400 (EDT)
Re: libical 0.47 SEGV on unknown address

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20160625 Re: libical 0.47 SEGV on unknown address

Source: BID
Type: Third Party Advisory, VDB Entry
91459

Source: MISC
Type: Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1280832

Source: XF
Type: UNKNOWN
libical-cve20165825-dos(114633)

Source: CCN
Type: Packet Storm Security [06-25-2016]
libical 0.47 / 1.0 Crash

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-5825

Vulnerable Configuration:

Configuration 1:

cpe:/a:libical_project:libical:0.47:*:*:*:*:*:*:*

OR cpe:/a:libical_project:libical:1.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:libical_project:libical:0.47:*:*:*:*:*:*:*

OR cpe:/a:libical_project:libical:1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20165825	V	CVE-2016-5825	2022-09-02
oval:org.opensuse.security:def:34018	P	Security update for mariadb (Moderate)	2021-12-30
oval:org.opensuse.security:def:31335	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:30281	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:34606	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:34595	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:34594	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:31296	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30128	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:34536	P	Security update for mariadb (Moderate)	2021-09-09
oval:org.opensuse.security:def:33703	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:31247	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:33692	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:33691	P	Security update for qemu (Important)	2021-07-28
oval:org.opensuse.security:def:34492	P	Security update for curl (Moderate)	2021-07-23
oval:org.opensuse.security:def:33947	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:32941	P	Security update for spice (Important)	2021-06-08
oval:org.opensuse.security:def:36128	P	freeradius-server-2.1.1-7.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36087	P	apache2-mod_security2-2.7.1-0.2.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33922	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:31191	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:34428	P	Security update for the Linux Kernel (Important)	2021-05-12
oval:org.opensuse.security:def:31162	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32076	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:33786	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:30042	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:33097	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:35290	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31356	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:33986	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:34467	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:35231	P	Security update for the Linux Kernel (Important)	2020-12-09
oval:org.opensuse.security:def:30585	P	Security update for OpenSSH	2020-12-01
oval:org.opensuse.security:def:27094	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33203	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30584	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27037	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33154	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31125	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26956	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29260	P	Security update for vim (Important)	2020-12-01
oval:org.opensuse.security:def:26828	P	system-config-printer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29216	P	Security update for perl-XML-LibXML (Important)	2020-12-01
oval:org.opensuse.security:def:26764	P	librpcsecgss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32854	P	enscript on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29199	P	Security update for openssh (Important)	2020-12-01
oval:org.opensuse.security:def:26753	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32797	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29160	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26752	P	libmusicbrainz4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32703	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29111	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32568	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29057	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32490	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28905	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32479	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28821	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:32478	P	Security update for zsh (Moderate)	2020-12-01
oval:org.opensuse.security:def:28764	P	Security update for LibreOffice	2020-12-01
oval:org.opensuse.security:def:34379	P	Security update for tiff (Low)	2020-12-01
oval:org.opensuse.security:def:32038	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28679	P	Security update for flac	2020-12-01
oval:org.opensuse.security:def:34321	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:30487	P	Security update for curl	2020-12-01
oval:org.opensuse.security:def:28548	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:34164	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30443	P	Security update for zypper	2020-12-01
oval:org.opensuse.security:def:28480	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:34075	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30424	P	Security update for xorg-x11-libXv	2020-12-01
oval:org.opensuse.security:def:28469	P	Security update for xorg-x11-libXv (Moderate)	2020-12-01
oval:org.opensuse.security:def:30385	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28201	P	Recommended update for libical (Moderate)	2020-12-01
oval:org.opensuse.security:def:28468	P	Security update for xorg-x11-libXrender (Moderate)	2020-12-01
oval:org.opensuse.security:def:30336	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:35449	P	Security update for perl (Low)	2020-12-01
oval:org.opensuse.security:def:35405	P	Security update for openssh-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35378	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:35339	P	Security update for mutt	2020-12-01
oval:org.opensuse.security:def:29985	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:29898	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31400	P	Security update for perl-Archive-Zip (Moderate)	2020-12-01
oval:org.opensuse.security:def:29766	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:35072	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29693	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:34982	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:29682	P	Security update for ed	2020-12-01
oval:org.opensuse.security:def:34925	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:29934	P	Security update for libical (Moderate)	2020-12-01
oval:org.opensuse.security:def:29681	P	Security update for ecryptfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:34826	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:28166	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:34690	P	Security update for xorg-x11	2020-12-01
oval:org.opensuse.security:def:27528	P	opie on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31036	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:27484	P	libsndfile-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30949	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:27470	P	libpcp3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35214	P	Recommended update for libical (Moderate)	2020-12-01
oval:org.opensuse.security:def:30892	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:27431	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35174	P	Security update for kvm	2020-12-01
oval:org.opensuse.security:def:30802	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:27382	P	cscope on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33309	P	libcurl4-openssl1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30670	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27329	P	xorg-x11-libX11-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33265	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30596	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:27178	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33242	P	python-imaging on GA media (Moderate)	2020-12-01
oval:com.ubuntu.cosmic:def:201658250000000	V	CVE-2016-5825 on Ubuntu 18.10 (cosmic) - negligible.	2017-01-27
oval:com.ubuntu.artful:def:20165825000	V	CVE-2016-5825 on Ubuntu 17.10 (artful) - negligible.	2017-01-27
oval:com.ubuntu.trusty:def:20165825000	V	CVE-2016-5825 on Ubuntu 14.04 LTS (trusty) - negligible.	2017-01-27
oval:com.ubuntu.bionic:def:201658250000000	V	CVE-2016-5825 on Ubuntu 18.04 LTS (bionic) - negligible.	2017-01-27
oval:com.ubuntu.bionic:def:20165825000	V	CVE-2016-5825 on Ubuntu 18.04 LTS (bionic) - negligible.	2017-01-27
oval:com.ubuntu.xenial:def:20165825000	V	CVE-2016-5825 on Ubuntu 16.04 LTS (xenial) - negligible.	2017-01-27
oval:com.ubuntu.xenial:def:201658250000000	V	CVE-2016-5825 on Ubuntu 16.04 LTS (xenial) - negligible.	2017-01-27
oval:com.ubuntu.cosmic:def:20165825000	V	CVE-2016-5825 on Ubuntu 18.10 (cosmic) - negligible.	2017-01-27
oval:com.ubuntu.disco:def:201658250000000	V	CVE-2016-5825 on Ubuntu 19.04 (disco) - negligible.	2017-01-27
oval:com.ubuntu.precise:def:20165825000	V	CVE-2016-5825 on Ubuntu 12.04 LTS (precise) - low.	2017-01-27

BACK