CVE-2016-1578

EUVD-2016-2673
Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously to permission requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
canonicalubuntu_linux
16.04
oxide_projectoxide
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
oxide-qt
precise
dne
trusty
Fixed 1.14.7-0ubuntu0.14.04.1
released
wily
Fixed 1.14.7-0ubuntu0.15.10.1
released
xenial
Fixed 1.14.7-0ubuntu1
released
References
http://www.ubuntu.com/usn/USN-2955-1
http://www.ubuntu.com/usn/USN-2955-1