UBUNTU-CVE-2016-4974

Source
https://ubuntu.com/security/CVE-2016-4974
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4974.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-4974
Upstream
  • CVE-2016-4974
Published
2016-07-13T15:59:00Z
Modified
2026-04-22T10:45:55.600851Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.

References

Affected packages

Ubuntu:16.04:LTS / qpid-cpp

Package

Name
qpid-cpp
Purl
pkg:deb/ubuntu/qpid-cpp@0.16-9ubuntu2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.16-9build1
0.16-9ubuntu1
0.16-9ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libqmf1",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqmf2-1",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqmfconsole2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqmfengine1",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpid-perl",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpid-ruby1.8",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpidbroker2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpidclient2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpidcommon2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpidmessaging2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libqpidtypes1",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "librdmawrap2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "libsslcommon2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "python-cqmf2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "python-cqpid",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "python-qmf",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "python-qmf2",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "qmfgen",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "qpid-client",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "qpidd",
            "binary_version": "0.16-9ubuntu2"
        },
        {
            "binary_name": "ruby-qpid",
            "binary_version": "0.16-9ubuntu2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-4974.json"