SB2017012802 - Multiple vulnerabilities in libical
Published: January 28, 2017 Updated: January 30, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2016-5823)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error when processing a specially crafted ics file. A remote attackers can cause a denial of service (use-after-free).
2) Use-after-free (CVE-ID: CVE-2016-9584)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a specially crafted ics files. A remote attackers can cause a denial of service (use-after-free) and possibly read heap memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Out-of-bounds read (CVE-ID: CVE-2016-5827)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary error in the icaltime_from_string() function. A remote attacker can pass a specially crafted string to the icalparser_parse_string() function, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2016-5826)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary error in the parser_get_next_char() function. A remote attacker can pass a string to the icalparser_parse_string() function, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds read (CVE-ID: CVE-2016-5825)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary error in the icalparser_parse_string function. A remote attacker can create a specially crafted ics file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
6) Use-after-free (CVE-ID: CVE-2016-5824)
The vulnerability allows a remote attacker to perform denial of service attack.
The vulnerability exists due to a use-after-free error when processing ics Calendar files. A remote attackers can trick the victim to open a specially crafted calendar file, trigger user-after-free error and crash the affected application.
Remediation
Install update from vendor's website.
References
- http://www.openwall.com/lists/oss-security/2016/06/25/4
- http://www.openwall.com/lists/oss-security/2016/12/15/5
- http://www.securityfocus.com/bid/94948
- https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
- https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
- https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
- http://www.openwall.com/lists/oss-security/2017/01/20/16
- https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
- https://github.com/libical/libical/issues/235
- https://github.com/libical/libical/issues/251
- https://github.com/libical/libical/issues/286