{"id":"MGASA-2018-0021","summary":"Updated libical packages fix security vulnerability","details":"libical 1.0 allows remote attackers to cause a denial of service\n(use-after-free) via a crafted ics file (CVE-2016-5824).\n\nThe icaltime_from_string function in libical 0.47 and 1.0 allows remote\nattackers to cause a denial of service (out-of-bounds heap read) via a\ncrafted string to the icalparser_parse_string function (CVE-2016-5827).\n\nlibical allows remote attackers to cause a denial of service\n(use-after-free) and possibly read heap memory via a crafted ics file\n(CVE-2016-9584).\n","modified":"2026-02-01T20:53:52.804902Z","published":"2018-01-02T16:25:41Z","related":["CVE-2016-5824","CVE-2016-5827","CVE-2016-9584"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0021.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21397"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2017-07/msg00108.html"}],"affected":[{"package":{"name":"libical","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libical?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0021.json"}},{"package":{"name":"libical","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libical?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0-2.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0021.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}