{"id":"MGASA-2016-0117","summary":"Updated libotr packages fix security vulnerability","details":"A remote attacker may crash or execute arbitrary code in libotr before\n4.1.1 by sending large OTR messages. While processing specially crafted\nmessages, attacker controlled data on the heap is written out of bounds\n(CVE-2016-2851).\n","modified":"2026-04-16T06:25:03.617404331Z","published":"2016-03-25T06:38:37Z","upstream":["CVE-2016-2851"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0117.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17927"},{"type":"ADVISORY","url":"https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/"}],"affected":[{"package":{"name":"libotr","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libotr?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0117.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}