MEDIUM
Pacman Project
CVE published 2017-01-30
CVE-2016-5434
CVE-2016-5434 is a denial-of-service issue in libalpm, as used by pacman 5.0.1. According to the CVE record, a crafted signature file can cause the package manager to hang in an infinite loop or perform an out-of-bounds read. The issue is publicly documented in the CVE record and linked OSS-security and pacman-dev mailing list references. The supplied NVD data also marks the affected product as pacman 5.0.1.