Fluid Attacks Database

Description

The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package
rpm rhel7	libical
rpm rhel6	libical
rpm rhel6	thunderbird
rpm rhel7	thunderbird
rpm rhel5	thunderbird

Aliases

1. CVE-2016-58272. NVD-2016-58273. OSV-2016-5827

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.