CyberSec.Space Logo
Back to CVE Browser

CVE-2016-3994

HIGH
8.2
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile13.14th
PublishedMay 13, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.

Affected Platforms (CPE)

πŸ’»
Debian

Debian Linux

= 7.0
πŸ’»
Debian

Debian Linux

= 8.0
πŸ“¦
Enlightenment

Imlib2

<= 1.4.8

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html
πŸ”— http://www.debian.org/security/2016/dsa-3555
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
πŸ”— https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
πŸ”— https://sourceforge.net/p/enlightenment/mailman/message/35055012/
πŸ”— http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html
πŸ”— http://www.debian.org/security/2016/dsa-3555
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369

Related Vulnerabilities

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...