MidnightBSD

Advisories for libical_project

CVE-2016-5823 MEDIUM

The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
libical_project libical 0.47
libical_project libical 1.0
CVE-2016-5824 MEDIUM

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
canonical ubuntu_linux 18.04
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server_aus 7.6
libical_project libical 1.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_workstation 6.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_tus 7.6
canonical ubuntu_linux 18.10
CVE-2016-5825 MEDIUM

The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libical_project libical 0.47
libical_project libical 1.0
CVE-2016-5826 MEDIUM

The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libical_project libical 0.47
libical_project libical 1.0
CVE-2016-5827 MEDIUM

The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
libical_project libical 1.0.0
libical_project libical 0.47
CVE-2016-9584 MEDIUM

libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
libical_project libical *