{"id":"CVE-2016-9888","details":"An error within the \"tar_directory_for_file()\" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.","modified":"2026-03-15T22:23:24.404598Z","published":"2016-12-08T08:59:02.430Z","related":["MGASA-2016-0427","SUSE-SU-2024:3770-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00016.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/94860"},{"type":"REPORT","url":"https://secunia.com/advisories/71201/"},{"type":"REPORT","url":"https://secunia.com/secunia_research/2016-17/"},{"type":"FIX","url":"https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/libgsf","events":[{"introduced":"0"},{"last_affected":"ea13fcb9515b5dc4f2870317a1b89478de9f90bc"},{"fixed":"95a8351a75758cf10b3bf6abae0b6b461f90d9e5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.14.40"}]}}],"versions":["LIBGSF_1_10_0","LIBGSF_1_10_1","LIBGSF_1_11_0","LIBGSF_1_12_0","LIBGSF_1_12_1","LIBGSF_1_12_2","LIBGSF_1_12_3","LIBGSF_1_13_0","LIBGSF_1_13_1","LIBGSF_1_13_2","LIBGSF_1_13_3","LIBGSF_1_13_99","LIBGSF_1_14_0","LIBGSF_1_14_1","LIBGSF_1_14_10","LIBGSF_1_14_11","LIBGSF_1_14_12","LIBGSF_1_14_13","LIBGSF_1_14_14","LIBGSF_1_14_15","LIBGSF_1_14_16","LIBGSF_1_14_17","LIBGSF_1_14_18","LIBGSF_1_14_19","LIBGSF_1_14_2","LIBGSF_1_14_20","LIBGSF_1_14_21","LIBGSF_1_14_22","LIBGSF_1_14_23","LIBGSF_1_14_24","LIBGSF_1_14_25","LIBGSF_1_14_26","LIBGSF_1_14_27","LIBGSF_1_14_28","LIBGSF_1_14_29","LIBGSF_1_14_3","LIBGSF_1_14_30","LIBGSF_1_14_31","LIBGSF_1_14_32","LIBGSF_1_14_33","LIBGSF_1_14_34","LIBGSF_1_14_35","LIBGSF_1_14_36","LIBGSF_1_14_37","LIBGSF_1_14_38","LIBGSF_1_14_39","LIBGSF_1_14_4","LIBGSF_1_14_40","LIBGSF_1_14_5","LIBGSF_1_14_6","LIBGSF_1_14_7","LIBGSF_1_14_8","LIBGSF_1_14_9","LIBGSF_1_1_0","LIBGSF_1_2_0","LIBGSF_1_3_0","LIBGSF_1_4_0","LIBGSF_1_5_0","LIBGSF_1_6_0","LIBGSF_1_7_2","LIBGSF_1_8_0","LIBGSF_1_8_1","LIBGSF_1_8_2","LIBGSF_1_9_0","LIBGSF_1_9_1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"tar_directory_for_file","file":"gsf/gsf-infile-tar.c"},"signature_type":"Function","source":"https://github.com/gnome/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5","digest":{"length":577,"function_hash":"30300424220287727107669688499048731258"},"id":"CVE-2016-9888-7ab71ee1"},{"signature_version":"v1","deprecated":false,"target":{"file":"gsf/gsf-infile-tar.c"},"signature_type":"Line","source":"https://github.com/gnome/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5","digest":{"line_hashes":["262103175350556071554840957830167275387","182396120519103499655931525662374695697","318403798528866774086469506195639606397","267926614081809140441956199085229040430","300561012929153051164727068371397909858","85968937341075246351229598385055345921"],"threshold":0.9},"id":"CVE-2016-9888-7ae24dd2"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9888.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}