Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libiberty@20161220-1
purl pkg:deb/debian/libiberty@20161220-1
Next non-vulnerable version 20190122-1
Latest non-vulnerable version 20230104-1
Risk 1.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-qkwh-nb7j-47fq
Aliases:
CVE-2016-4491
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."
20190122-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (8)
Vulnerability Summary Aliases
VCID-5ans-3drb-7yer Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec." CVE-2016-4488
VCID-5b37-sucb-1fav The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. CVE-2016-6131
VCID-934s-drs5-33en Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. CVE-2016-4490
VCID-nyhf-vc2f-2ug9 The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary. CVE-2016-4493
VCID-q3r5-atgh-tqgf Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. CVE-2016-2226
VCID-rdcf-a3h2-4qgd Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. CVE-2016-4492
VCID-vmtn-rv3c-j7dg Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables." CVE-2016-4489
VCID-w24z-j31j-sqcr Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec." CVE-2016-4487

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:50:47.476226+00:00 Debian Oval Importer Fixing VCID-rdcf-a3h2-4qgd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:43:18.122827+00:00 Debian Oval Importer Affected by VCID-qkwh-nb7j-47fq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T02:34:52.480603+00:00 Debian Oval Importer Fixing VCID-vmtn-rv3c-j7dg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:50:47.768612+00:00 Debian Oval Importer Fixing VCID-5b37-sucb-1fav https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:47:23.557135+00:00 Debian Oval Importer Fixing VCID-q3r5-atgh-tqgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:29:13.188045+00:00 Debian Oval Importer Fixing VCID-nyhf-vc2f-2ug9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:24:08.622190+00:00 Debian Oval Importer Fixing VCID-934s-drs5-33en https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T01:16:14.396175+00:00 Debian Oval Importer Fixing VCID-5ans-3drb-7yer https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-06T00:33:34.131531+00:00 Debian Oval Importer Fixing VCID-w24z-j31j-sqcr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0