Vulnerability Description
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a NULL pointer dereference and subsequently cause a crash via a crafted TAR file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Libgsf | <= 1.14.40 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94860
- https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5 (Patch, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2020/04/msg00016.html
- https://secunia.com/advisories/71201/ (Permissions Required, Third Party Advisory)
- https://secunia.com/secunia_research/2016-17/ (Permissions Required, Third Party Advisory)
FAQ
What is CVE-2016-9888?
CVE-2016-9888 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause...
How severe is CVE-2016-9888?
CVE-2016-9888 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9888?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Libgsf.