[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-9603":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":79,"aliases":80,"duplicate_of":9,"upstream":81,"downstream":82,"duplicates":145,"related":146,"reserved_at":9,"published_at":159,"modified_at":160,"state":161,"summary":162,"references_raw":171,"kevs":256,"epss":257,"epss_history":260,"metrics":517,"affected":534},"CVE-2016-9603","A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.",null,[11,68],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],{"_key":69,"id":69,"name":70,"description":71,"type":15,"status":72,"abstraction":73,"likelihood_of_exploit":18,"capec":74},"CWE-122","Heap-based Buffer Overflow","A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","Draft","Variant",[75],{"id":76,"name":77,"techniques":78},"CAPEC-92","Forced Integer Overflow",[],[],[],[],[83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143],{"_key":84},"ALPINE-CVE-2016-9603",{"_key":86},"SUSE-SU-2017:1143-1",{"_key":88},"SUSE-SU-2017:1146-1",{"_key":90},"SUSE-SU-2017:1147-1",{"_key":92},"SUSE-SU-2017:2946-1",{"_key":94},"RHSA-2017:0985",{"_key":96},"RHSA-2017:0987",{"_key":98},"SUSE-SU-2017:1080-1",{"_key":100},"SUSE-SU-2017:1081-1",{"_key":102},"SUSE-SU-2017:1145-1",{"_key":104},"SUSE-SU-2017:1774-1",{"_key":106},"SUSE-SU-2017:2326-1",{"_key":108},"SUSE-SU-2017:2963-1",{"_key":110},"SUSE-SU-2017:2969-1",{"_key":112},"SUSE-SU-2017:3084-1",{"_key":114},"USN-3261-1",{"_key":116},"DLA-1035-1",{"_key":118},"DLA-1270-1",{"_key":120},"DLA-1497-1",{"_key":122},"DLA-939-1",{"_key":124},"UBUNTU-CVE-2016-9603",{"_key":126},"DEBIAN-CVE-2016-9603",{"_key":128},"RHSA-2017:0980",{"_key":130},"RHSA-2017:0981",{"_key":132},"RHSA-2017:0982",{"_key":134},"RHSA-2017:0983",{"_key":136},"RHSA-2017:0984",{"_key":138},"RHSA-2017:0988",{"_key":140},"RHSA-2017:1205",{"_key":142},"RHSA-2017:1206",{"_key":144},"RHSA-2017:1441",[],[147,148,149,150,151,152,153,154,155,156,157,158],{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":98},{"_key":100},{"_key":102},{"_key":104},{"_key":106},{"_key":108},{"_key":110},{"_key":112},"2018-07-27T21:00:00.000Z","2024-08-06T02:59:02.448Z","Modified",{"cisa_kev":163,"cisa_ransomware":163,"cisa_vendor":9,"epss_severity":164,"epss_score":165,"severity":166,"severity_score":167,"severity_version":168,"severity_source":169,"severity_vector":170,"severity_status":161},false,"low",0.00634,"critical",9.9,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[172,180,186,190,196,201,205,210,215,219,223,227,231,235,239,244,248,252],{"url":173,"sources":174,"tags":176},"http://www.securityfocus.com/bid/96893",[175,169],"cve.org",[177,178,179],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":181,"sources":182,"tags":183},"https://access.redhat.com/errata/RHSA-2017:0983",[175,169],[184,185,179],"Vendor Advisory","X Refsource REDHAT",{"url":187,"sources":188,"tags":189},"https://access.redhat.com/errata/RHSA-2017:0982",[175,169],[184,185,179],{"url":191,"sources":192,"tags":193},"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",[175,169],[194,195],"Mailing List","X Refsource MLIST",{"url":197,"sources":198,"tags":199},"https://security.gentoo.org/glsa/201706-03",[175,169],[184,200,179],"X Refsource GENTOO",{"url":202,"sources":203,"tags":204},"https://access.redhat.com/errata/RHSA-2017:1206",[175,169],[184,185,179],{"url":206,"sources":207,"tags":208},"http://www.securitytracker.com/id/1038023",[175,169],[177,209,179],"X Refsource SECTRACK",{"url":211,"sources":212,"tags":213},"https://support.citrix.com/article/CTX221578",[175,169],[214,179],"X Refsource CONFIRM",{"url":216,"sources":217,"tags":218},"https://access.redhat.com/errata/RHSA-2017:0985",[175,169],[184,185,179],{"url":220,"sources":221,"tags":222},"https://access.redhat.com/errata/RHSA-2017:0987",[175,169],[184,185,179],{"url":224,"sources":225,"tags":226},"https://access.redhat.com/errata/RHSA-2017:0984",[175,169],[184,185,179],{"url":228,"sources":229,"tags":230},"https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html",[175,169],[194,195,179],{"url":232,"sources":233,"tags":234},"https://access.redhat.com/errata/RHSA-2017:0988",[175,169],[184,185,179],{"url":236,"sources":237,"tags":238},"https://access.redhat.com/errata/RHSA-2017:1441",[175,169],[184,185,179],{"url":240,"sources":241,"tags":242},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603",[175,169],[214,243,179],"Issue Tracking",{"url":245,"sources":246,"tags":247},"https://access.redhat.com/errata/RHSA-2017:0981",[175,169],[184,185,179],{"url":249,"sources":250,"tags":251},"https://access.redhat.com/errata/RHSA-2017:0980",[175,169],[184,185,179],{"url":253,"sources":254,"tags":255},"https://access.redhat.com/errata/RHSA-2017:1205",[175,169],[184,185,179],[],{"date":258,"score":165,"percentile":259},"2026-06-04",0.70764,[261,265,267,269,272,275,278,281,284,287,290,293,296,298,301,304,307,310,313,316,319,322,325,328,331,333,335,338,341,344,347,350,353,356,358,361,364,367,370,373,375,379,382,385,388,392,395,398,401,404,406,409,412,415,418,421,424,427,429,432,435,438,441,443,446,448,451,454,456,459,462,465,468,471,474,477,480,482,484,486,489,492,495,498,500,503,506,509,511,514],{"date":262,"score":263,"percentile":264},"2025-11-04",0.01523,0.80646,{"date":266,"score":263,"percentile":264},"2025-11-05",{"date":268,"score":263,"percentile":264},"2025-11-06",{"date":270,"score":263,"percentile":271},"2025-11-07",0.80657,{"date":273,"score":263,"percentile":274},"2025-11-08",0.80663,{"date":276,"score":263,"percentile":277},"2025-11-09",0.8066,{"date":279,"score":263,"percentile":280},"2025-11-10",0.80654,{"date":282,"score":263,"percentile":283},"2025-11-11",0.80655,{"date":285,"score":263,"percentile":286},"2025-11-12",0.80668,{"date":288,"score":263,"percentile":289},"2025-11-13",0.80673,{"date":291,"score":263,"percentile":292},"2025-11-14",0.80679,{"date":294,"score":263,"percentile":295},"2025-11-15",0.80676,{"date":297,"score":263,"percentile":295},"2025-11-16",{"date":299,"score":263,"percentile":300},"2025-11-17",0.80674,{"date":302,"score":263,"percentile":303},"2025-11-18",0.79681,{"date":305,"score":263,"percentile":306},"2025-11-19",0.79687,{"date":308,"score":263,"percentile":309},"2025-11-20",0.79693,{"date":311,"score":263,"percentile":312},"2025-11-21",0.80695,{"date":314,"score":263,"percentile":315},"2025-11-22",0.80696,{"date":317,"score":263,"percentile":318},"2025-11-23",0.80685,{"date":320,"score":263,"percentile":321},"2025-11-24",0.80687,{"date":323,"score":263,"percentile":324},"2025-11-25",0.8069,{"date":326,"score":263,"percentile":327},"2025-11-26",0.80692,{"date":329,"score":263,"percentile":330},"2025-11-27",0.80697,{"date":332,"score":263,"percentile":321},"2025-11-28",{"date":334,"score":263,"percentile":327},"2025-11-29",{"date":336,"score":263,"percentile":337},"2025-11-30",0.80698,{"date":339,"score":263,"percentile":340},"2025-12-01",0.80784,{"date":342,"score":263,"percentile":343},"2025-12-02",0.80787,{"date":345,"score":263,"percentile":346},"2025-12-03",0.80786,{"date":348,"score":263,"percentile":349},"2025-12-04",0.80699,{"date":351,"score":263,"percentile":352},"2025-12-05",0.80708,{"date":354,"score":263,"percentile":355},"2025-12-06",0.80711,{"date":357,"score":263,"percentile":355},"2025-12-07",{"date":359,"score":263,"percentile":360},"2025-12-08",0.80714,{"date":362,"score":263,"percentile":363},"2025-12-09",0.80727,{"date":365,"score":263,"percentile":366},"2025-12-10",0.80753,{"date":368,"score":263,"percentile":369},"2025-12-11",0.80765,{"date":371,"score":263,"percentile":372},"2025-12-12",0.8078,{"date":374,"score":263,"percentile":372},"2025-12-13",{"date":376,"score":377,"percentile":378},"2025-12-14",0.01381,0.79794,{"date":380,"score":377,"percentile":381},"2025-12-15",0.79792,{"date":383,"score":377,"percentile":384},"2025-12-16",0.79802,{"date":386,"score":377,"percentile":387},"2025-12-17",0.79812,{"date":389,"score":390,"percentile":391},"2025-12-18",0.01419,0.80117,{"date":393,"score":390,"percentile":394},"2025-12-19",0.80127,{"date":396,"score":390,"percentile":397},"2025-12-20",0.80121,{"date":399,"score":390,"percentile":400},"2025-12-21",0.80115,{"date":402,"score":390,"percentile":403},"2025-12-22",0.80114,{"date":405,"score":390,"percentile":400},"2025-12-23",{"date":407,"score":390,"percentile":408},"2025-12-24",0.80131,{"date":410,"score":377,"percentile":411},"2025-12-25",0.79863,{"date":413,"score":377,"percentile":414},"2025-12-26",0.79859,{"date":416,"score":377,"percentile":417},"2025-12-27",0.79903,{"date":419,"score":377,"percentile":420},"2025-12-28",0.79847,{"date":422,"score":377,"percentile":423},"2025-12-29",0.79845,{"date":425,"score":377,"percentile":426},"2025-12-30",0.7985,{"date":428,"score":377,"percentile":411},"2025-12-31",{"date":430,"score":377,"percentile":431},"2026-01-01",0.79952,{"date":433,"score":377,"percentile":434},"2026-01-02",0.79949,{"date":436,"score":377,"percentile":437},"2026-01-03",0.79946,{"date":439,"score":377,"percentile":440},"2026-01-04",0.79852,{"date":442,"score":377,"percentile":426},"2026-01-05",{"date":444,"score":377,"percentile":445},"2026-01-06",0.79853,{"date":447,"score":377,"percentile":414},"2026-01-07",{"date":449,"score":377,"percentile":450},"2026-01-08",0.79867,{"date":452,"score":377,"percentile":453},"2026-01-09",0.79868,{"date":455,"score":377,"percentile":450},"2026-01-10",{"date":457,"score":377,"percentile":458},"2026-01-11",0.7986,{"date":460,"score":377,"percentile":461},"2026-01-12",0.79844,{"date":463,"score":377,"percentile":464},"2026-01-13",0.79843,{"date":466,"score":377,"percentile":467},"2026-01-14",0.79865,{"date":469,"score":377,"percentile":470},"2026-01-15",0.79866,{"date":472,"score":377,"percentile":473},"2026-01-16",0.79875,{"date":475,"score":377,"percentile":476},"2026-01-17",0.79882,{"date":478,"score":377,"percentile":479},"2026-01-18",0.79873,{"date":481,"score":377,"percentile":470},"2026-01-19",{"date":483,"score":377,"percentile":450},"2026-01-20",{"date":485,"score":377,"percentile":473},"2026-01-21",{"date":487,"score":377,"percentile":488},"2026-01-22",0.79885,{"date":490,"score":377,"percentile":491},"2026-01-23",0.79914,{"date":493,"score":377,"percentile":494},"2026-01-24",0.79925,{"date":496,"score":377,"percentile":497},"2026-01-25",0.79915,{"date":499,"score":377,"percentile":491},"2026-01-26",{"date":501,"score":377,"percentile":502},"2026-01-27",0.79916,{"date":504,"score":377,"percentile":505},"2026-01-28",0.79912,{"date":507,"score":377,"percentile":508},"2026-01-29",0.79911,{"date":510,"score":377,"percentile":491},"2026-01-30",{"date":512,"score":377,"percentile":513},"2026-01-31",0.7992,{"date":515,"score":377,"percentile":516},"2026-02-01",0.80012,[518,525],{"source":175,"cvss_v2_0":9,"cvss_v3_0":519,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":520,"baseSeverity":521,"vectorString":522,"impactScore":523,"exploitabilityScore":524},5.5,"MEDIUM","CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",6.2,3.3,{"source":169,"cvss_v2_0":526,"cvss_v3_0":531,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":527,"baseSeverity":9,"vectorString":528,"impactScore":529,"exploitabilityScore":530},9,"AV:N/AC:L/Au:S/C:C/I:C/A:C",10,8,{"baseScore":167,"baseSeverity":532,"vectorString":170,"impactScore":529,"exploitabilityScore":533},"CRITICAL",7.9,[535,551,558,566,573,581,587,595,603,609],{"ecosystem":9,"name":536,"vendor":537,"product":536,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":539},"xenserver","citrix","a",[540,543,545,547,549],{"version":541,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.2","cpe",{"version":544,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.2.0:sp1",{"version":546,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.5:sp1",{"version":548,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"version":550,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1",{"ecosystem":9,"name":552,"vendor":553,"product":554,"cpe_part":555,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":556},"debian linux","debian","debian_linux","o",[557],{"version":548,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":559,"vendor":559,"product":559,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":560},"qemu",[561],{"version":562,"is_range":563,"range_type":542,"version_start":9,"version_start_type":9,"version_end":564,"version_end_type":565,"fixed_in":9},"lt2.9.0",true,"2.9.0","excluding",{"ecosystem":9,"name":567,"vendor":559,"product":568,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":569},"Qemu:","qemu:",[570],{"version":571,"is_range":163,"range_type":175,"version_start":571,"version_start_type":572,"version_end":571,"version_end_type":572,"fixed_in":9},"2.9","including",{"ecosystem":9,"name":574,"vendor":575,"product":576,"cpe_part":555,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":577},"enterprise linux desktop","redhat","enterprise_linux_desktop",[578,580],{"version":579,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0",{"version":548,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":582,"vendor":575,"product":583,"cpe_part":555,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":584},"enterprise linux server","enterprise_linux_server",[585,586],{"version":579,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":548,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":588,"vendor":575,"product":589,"cpe_part":555,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":590},"enterprise linux server aus","enterprise_linux_server_aus",[591,593],{"version":592,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.3",{"version":594,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.4",{"ecosystem":9,"name":596,"vendor":575,"product":597,"cpe_part":555,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":598},"enterprise linux server eus","enterprise_linux_server_eus",[599,600,601],{"version":592,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":594,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":602,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.5",{"ecosystem":9,"name":604,"vendor":575,"product":605,"cpe_part":555,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":606},"enterprise linux workstation","enterprise_linux_workstation",[607,608],{"version":579,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":548,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":610,"vendor":575,"product":610,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":611},"openstack",[612,614,615,616,618,620],{"version":613,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"5.0",{"version":579,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":548,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":617,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8",{"version":619,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9",{"version":621,"is_range":163,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10"]