CVE-2016-4336

{"id": "CVE-2016-4336", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-01-06T21:59:01.633", "references": [{"url": "http://www.talosintelligence.com/reports/TALOS-2016-0173/", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.talosintelligence.com/reports/TALOS-2016-0173/", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the right circumstance could potentially be leveraged by an attacker to gain arbitrary code execution."}, {"lang": "es", "value": "Existe una escritura fuera de l\u00edmites explotable en el an\u00e1lisis Bzip2 de la funcionalidad de conversi\u00f3n Lexmark Perspective Document Filters. Un documento Bzip2 manipulado puede conducir a un desbordamiento de b\u00fafer basado en pila provocando una escritura fuera de l\u00edmites que bajo la circunstancia adecuada podr\u00eda ser aprovechado potencialmente por un atacante para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lexmark:perceptive_document_filters:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "702932F0-E502-42D1-97AD-13E47DD21209"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}