VDB

GCVE-110-MAGEIA-2017-26

GCVE-110-MAGEIA-2017-26
Advisory Published
Vulnetix · Advisory published January 27, 2017
Once MSGRemoveContext is invoked (via SCARD_RELEASE_CONTEXT), cardsList is freed. A repeated invocation of SCARD_RELEASE_CONTEXT (with an empty context handle) results in a use-after-free followed by a double-free. After MSGRemoveContext, invocation of SCardEstablishContext enable further use-after-free of cardsList in MSGCheckHandleAssociation, MSGRemoveContext, MSGAddHandle, MSGRemoveHandle. To avoid this problem, destroy the list only when the client connection is terminated. (CVE-2016-10109)

Affected Products

VendorProductVersionsPlatforms
Mageiathunderbird0 (affected), 52.2.1-1.mga5 (unaffected)
Mageiapcsc-lite0 (affected), 1.8.11-4.1.mga5 (unaffected), 1.8.11-4.1.mga5 (unaffected), 0 (affected)
Mageiathunderbird-l10n0 (affected), 52.2.1-1.mga5 (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›