Base Score

MEDIUM5.5

CVE-2016-9082

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

VectorLOCAL

Published Bycve@mitre.org

Published DateFeb 03, 2017, 15:59

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://www.openwall.com/lists/oss-security/2016/10/27/2
http://www.securityfocus.com/bid/93931
https://bugs.freedesktop.org/attachment.cgi?id=127421
https://bugs.freedesktop.org/show_bug.cgi?id=98165
https://bugzilla.redhat.com/show_bug.cgi?id=1312337
https://security.gentoo.org/glsa/201904-01

Base Score

MEDIUM5.5

Weakness Type (CWE):CWE-190

CVSS Metrics

Base Score

5.5

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH