#VU33602 Use-after-free - CVE-2016-6265
Published: September 22, 2016 / Updated: August 4, 2020
Vulnerability identifier: #VU33602
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6265
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted PDF file. A remote attackers can cause a denial of service (crash).
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
External links
- http://bugs.ghostscript.com/show_bug.cgi?id=696941
- http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00007.html
- http://www.debian.org/security/2016/dsa-3655
- http://www.openwall.com/lists/oss-security/2016/07/21/7
- http://www.securityfocus.com/bid/92071
- https://security.gentoo.org/glsa/201702-12