{"id":"MGASA-2017-0222","summary":"Updated valgrind packages fix security vulnerabilities","details":"It was discovered that Valgrind incorectly handled certain string\noperations. If a user or automated system were tricked into processing\na specially crafted binary, a remote attacker could possibly execute\narbitrary code (CVE-2016-2226).\n\nIt was discovered that Valgrind incorrectly handled parsing certain\nbinaries. If a user or automated system were tricked into processing a\nspecially crafted binary, a remote attacker could use this issue to\ncause Valgrind to crash, resulting in a denial of service\n(CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490,\nCVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131).\n","modified":"2026-04-16T06:24:24.974687688Z","published":"2017-07-28T18:12:15Z","upstream":["CVE-2016-2226","CVE-2016-4487","CVE-2016-4488","CVE-2016-4489","CVE-2016-4490","CVE-2016-4491","CVE-2016-4492","CVE-2016-4493","CVE-2016-6131"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0222.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21126"},{"type":"WEB","url":"https://www.ubuntu.com/usn/usn-3337-1/"}],"affected":[{"package":{"name":"valgrind","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/valgrind?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.1-2.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0222.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}