CVE-2016-1243

Published: 03/10/2016 Updated: 15/03/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the extractTree function in unADF allows remote malicious users to execute arbitrary code via a long pathname.

Vulnerable Product

debian debian linux 8.0

debian debian linux 7.0

unadf project unadf 1.0

Vendor Advisories

Debian Bug report logs - #838248
unadf: CVE-2016-1243 and CVE-2016-1244
Package: src:unadf; Maintainer for src:unadf is Debian QA Group <packages@qa.debian.org>; Reported by: Luciano Bello <luciano@debian.org>
Date: Mon, 19 Sep 2016 02:45:02 UTC
Severity: grave
Tags: patch, security, upstream
Found in version unadf/ ...

Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract files from an Amiga Disk File dump (.adf):
CVE-2016-1243: A stack buffer overflow in the function extractTree() might allow an attacker, with control on the content of an ADF file, to execute arbitrary code with the privileges of the program execution.
CVE-2016-1 ...

Github Repositories

A free, portable and open implementation of the Amiga filesystem

ADFlib (Amiga Disk File library)

Introduction

The ADFlib is a free, portable and open implementation of the Amiga filesystem. The initial release was in 1999. It supports: floppy and hard disk images ("dumps"); mount, unmount, create a device image (an adf file) or a volume (a partition inside a device); create, open, close, delete, rename/move a file or a directory; fi