{"id":"CVE-2016-10722","details":"partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.","modified":"2026-04-10T03:47:40.407552Z","published":"2018-05-02T23:29:00.400Z","references":[{"type":"REPORT","url":"https://github.com/Thomas-Tsai/partclone/issues/71"},{"type":"EVIDENCE","url":"https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/thomas-tsai/partclone","events":[{"introduced":"0"},{"fixed":"424815e847268ddc6325b2d07bea0ed21d408202"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.2.88"}]}}],"versions":["0.2.26-stable","0.2.3","0.2.47","0.2.48-stable","0.2.54","0.2.55","0.2.58","0.2.60","0.2.61","0.2.62","0.2.65","0.2.67","0.2.68","0.2.69","0.2.70","0.2.71","0.2.72","0.2.73","0.2.75","0.2.76","0.2.8","0.2.80","0.2.81","0.2.82","0.2.83","debian/0.2.33","debian/0.2.34","stable"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10722.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}