CVE-2016-5825

Name of the Vulnerable Software and Affected Versions libical versions 0.47 through 1.0

Description The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds heap read, by providing a crafted ics file. This is due to a problem in the icalparser parse string function.

Recommendations For libical versions 0.47 through 1.0, consider avoiding the use of the icalparser parse string function until a patch is available. As a temporary workaround, restrict the processing of ics files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.