参照: Official suse advisory, NVD, CVE.org · CVE 詳細
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-4804 severity low: SUSE including 4 source package names (dosfstools, dosfstools-2.11-121.31.4.1, dosfstools-3.0.26-3.1, dosfstools-3.0.26-6.5), 53 product×package rows across 53 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (53 product lines)): Fixed 35, Known Not Affected 18.
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.