CVE-2017-7875

Опубликовано: 14 апр. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.

Ссылки

http://www.securityfocus.com/bid/97689
Third Party Advisory
VDB Entry
https://feh.finalrewind.org/
Patch
Product
https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00021.html
https://security.gentoo.org/glsa/201707-08
http://www.securityfocus.com/bid/97689
Third Party Advisory
VDB Entry
https://feh.finalrewind.org/
Patch
Product
https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00021.html
https://security.gentoo.org/glsa/201707-08

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*

Версия до 2.18.2 (включая)

EPSS

Процентиль: 72%

0.00738

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2017-7875

CVSS3: 9.8

ubuntu

почти 9 лет назад

CVE-2017-7875

CVSS3: 9.8

debian

почти 9 лет назад

In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...

openSUSE-SU-2017:1139-1

suse-cvrf

почти 9 лет назад

Security update for feh

GHSA-7hjr-xp4g-fx7m

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 72%

0.00738

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787