Home > Vulnerability Database > WS-2016-7083

Mend.io Vulnerability Database

WS-2016-7083

Good to know:

Date: December 13, 2016

In Kitware/VTK, version v3.2.0 to v7.1.1, there is a buffer overflow vulnerability, as a result of the program trying to capture input into destination array without checking its length first. This issue may allow an attacker to crash the program, or to execute arbitrary code on the system.

Language: C++

Severity Score

7.3

Related Resources (2)

Url: https://github.com/Kitware/VTK/commit/704b29222ea92c20b22f280ae8e49a68d2aafded

Url: https://www.mend.io/vulnerability-database/WS-2016-7083

Severity Score

7.3

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version v8.0.0

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2016-7083

Good to know:

Date: December 13, 2016

Language: C++

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?