High severity7.5NVD Advisory· Published Sep 7, 2016· Updated May 6, 2026
CVE-2016-6855
CVE-2016-6855
Description
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup.
Affected products
28cpe:2.3:a:gnome:eye_of_gnome:3.19.92:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:gnome:eye_of_gnome:3.19.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.20.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.16.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.17.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.17.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.17.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.17.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.19.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.19.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:eye_of_gnome:3.19.91:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- git.gnome.org/browse/eog/commit/nvdIssue TrackingPatch
- packetstormsecurity.com/files/138486/Gnome-Eye-Of-Gnome-3.10.2-Out-Of-Bounds-Write.htmlnvdExploitThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-updates/2016-09/msg00021.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/92616nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-3069-1nvdThird Party Advisory
- bugzilla.gnome.org/show_bug.cginvdIssue Tracking
- lists.debian.org/debian-lts-announce/2020/04/msg00018.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVINHHR6VJKXTYYMAYKN5GROKHVT4UKB/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6GFDHLNPUG7JHWM3QLXQNRA7NZGU2KI/nvd
- www.exploit-db.com/exploits/40291/nvd
News mentions
0No linked articles in our index yet.