VulnerableCode Package Details - pkg:deb/ubuntu/valgrind@1:3.12.0-1.1ubuntu1

Search for packages

Vulnerability	Summary	Fixed by
VCID-msks-vp54-aaar Aliases: CVE-2016-4491	The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."	1:3.12.0-1.1ubuntu2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-msks-vp54-aaar
Aliases:
CVE-2016-4491

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."

1:3.12.0-1.1ubuntu2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1uw9-7g8r-aaan	Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.	CVE-2016-4490
VCID-b4vs-s3v7-aaan	Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."	CVE-2016-4487
VCID-gg7p-bvwe-aaaa	The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.	CVE-2016-4493
VCID-n479-3mn6-aaac	Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.	CVE-2016-4492
VCID-nzvx-gfxd-aaaf	Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.	CVE-2016-2226
VCID-rezr-4az6-aaac	Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."	CVE-2016-4488
VCID-vmu4-tejr-aaan	The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.	CVE-2016-6131
VCID-zs3h-m8bp-aaah	Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."	CVE-2016-4489

Vulnerability

Summary

Aliases

VCID-1uw9-7g8r-aaan

Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.

CVE-2016-4490

VCID-b4vs-s3v7-aaan

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."

CVE-2016-4487

VCID-gg7p-bvwe-aaaa

The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.

CVE-2016-4493

VCID-n479-3mn6-aaac

Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.

CVE-2016-4492

VCID-nzvx-gfxd-aaaf

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

CVE-2016-2226

VCID-rezr-4az6-aaac

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."

CVE-2016-4488

VCID-vmu4-tejr-aaan

The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.

CVE-2016-6131

VCID-zs3h-m8bp-aaah

Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."

CVE-2016-4489

Next non-vulnerable version	1:3.12.0-1.1ubuntu2
Latest non-vulnerable version	1:3.12.0-1.1ubuntu2
Risk	2.5