A heap buffer over-read vulnerability in libical 0.47 was found in the icalparser_parse_string function that can be triggered by a malformed ICS file.

Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832

CVE assignment: http://seclists.org/oss-sec/2016/q2/604

(In reply to Adam Mariš from comment #0)
> Upstream bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1280832

Just a note that Mozilla is not a libical upstream. The libical upstream is http://libical.github.io/libical/ and used to be on SourceForge https://sourceforge.net/projects/freeassociation/