CVE-2016-5827 is a remotely reachable denial-of-service vulnerability in libical’s time-string parsing path. According to NVD, crafted input passed to icalparser_parse_string can trigger an out-of-bounds heap read in icaltime_from_string, affecting libical 0.47 and 1.0.0. The published CVSS v3.1 score is 7.5 (HIGH), with network attack, no privileges, and no user interaction required, making exposure depe [truncated]
CVE-2016-5826 is a high-severity denial-of-service issue in libical. A crafted string passed to icalparser_parse_string can drive parser_get_next_char into an out-of-bounds heap read, which can crash the process or otherwise disrupt service. The NVD lists affected CPEs for libical 0.47 and 1.0 and classifies the weakness as CWE-125 (out-of-bounds read).
CVE-2016-5825 is a denial-of-service vulnerability in libical’s icalparser_parse_string function. According to NVD, the issue affects libical versions 0.47 and 1.0 and can be triggered by a crafted ICS file, leading to an out-of-bounds heap read (CWE-125). The published CVSS 3.0 vector rates it as medium severity and emphasizes availability impact.
CVE-2016-5823 is a denial-of-service vulnerability in libical’s icalproperty_new_clone function. According to NVD, libical 0.47 and 1.0 are affected, and the flaw is a use-after-free that can be triggered through a crafted ICS file. The published CVSS 3.0 vector indicates the issue has no confidentiality or integrity impact, but it can significantly affect availability.
CVE-2016-9584 is a critical libical flaw caused by a use-after-free while processing crafted .ics content. According to NVD, the issue can let a remote attacker trigger denial of service and possibly read heap memory, with affected libical versions through 2.0.
