Vulnerability CVE-2016-5646


Published: 2017-01-06

Description:
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability.

Vendor: Lexmark
Product: Perceptive document filters 
Version: 11.2.0.1732;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.talosintelligence.com/reports/TALOS-2016-0185/

Related CVE
CVE-2019-9933
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
CVE-2019-9932
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
CVE-2019-9931
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.
CVE-2019-9930
Various Lexmark products have an Integer Overflow.
CVE-2019-10059
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
CVE-2019-10057
Various Lexmark products have CSRF.
CVE-2019-9935
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
CVE-2019-9934
Various Lexmark products have Incorrect Access Control (issue 1 of 2).

Copyright 2019, cxsecurity.com

 

Back to Top