{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2016-20041", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:33:27.876Z", "datePublished": "2026-03-28T11:58:03.126Z", "dateUpdated": "2026-03-30T17:40:09.049Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:03.126Z"}, "title": "Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter", "descriptions": [{"lang": "en", "value": "Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "affected": [{"vendor": "yasr", "product": "Yasr Screen Reader", "versions": [{"version": "0.6.9-5", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/39734", "name": "ExploitDB-39734", "tags": ["exploit"]}, {"url": "http://yasr.sourceforge.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/yasr-5-buffer-overflow-via-command-line-parameter"}], "credits": [{"lang": "en", "value": "Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com, Juan Sacco\"", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2016-04-26T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T17:32:47.391066Z", "id": "CVE-2016-20041", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T17:40:09.049Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-20041", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T17:32:47.391066Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T17:32:53.142Z"}}], "cna": {"title": "Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com, Juan Sacco\""}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "yasr", "product": "Yasr Screen Reader", "versions": [{"status": "affected", "version": "0.6.9-5"}]}], "datePublic": "2016-04-26T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/39734", "name": "ExploitDB-39734", "tags": ["exploit"]}, {"url": "http://yasr.sourceforge.net/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/yasr-5-buffer-overflow-via-command-line-parameter", "name": "VulnCheck Advisory: Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:03.126Z"}}}, "cveMetadata": {"cveId": "CVE-2016-20041", "state": "PUBLISHED", "dateUpdated": "2026-03-30T17:40:09.049Z", "dateReserved": "2026-03-28T11:33:27.876Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:03.126Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution."}, {"lang": "es", "value": "Yasr 0.6.9-5 contiene una vulnerabilidad de desbordamiento de b\u00fafer que permite a atacantes locales bloquear la aplicaci\u00f3n o ejecutar c\u00f3digo arbitrario al proporcionar un argumento sobredimensionado al par\u00e1metro -p. Los atacantes pueden invocar yasr con una carga \u00fatil manipulada que contiene datos basura, shellcode y una direcci\u00f3n de retorno para sobrescribir la pila y desencadenar la ejecuci\u00f3n de c\u00f3digo."}], "id": "CVE-2016-20041", "lastModified": "2026-05-01T15:21:32.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:15:59.860", "references": [{"source": "disclosure@vulncheck.com", "url": "http://yasr.sourceforge.net/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/39734"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/yasr-5-buffer-overflow-via-command-line-parameter"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.9-5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Yasr Screen Reader", "source": "cna", "vendor": "yasr"}, "product": "yasr_screen_reader", "vendor": "yasr"}], "analysis": {"en": {"generated_at": "2026-03-28T13:52:39.572655+00:00", "value": {"mitigation_remediation": ["Update to the latest Yasr release (e.g., 0.6.9-6 or newer) from the vendor\u2019s website or source repository", "If an update is not immediately available, restrict execution of yasr to trusted users only by adjusting file permissions or user group membership", "As a temporary workaround, remove or disable the -p command\u2011line option from the execution environment to prevent exploitation"], "summary": {"action": "Patch Immediately", "impact": "Local Code Execution via Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The vulnerability affects only Yasr Screen Reader version 0.6.9-5. Systems running this build or earlier are at risk; newer releases are not documented as affected.", "description_and_impact": "A buffer overflow vulnerability exists in Yasr Screen Reader version 0.6.9-5. The flaw is triggered when an attacker supplies an oversized argument to the -p command\u2011line parameter. An attacker who can run the program locally may craft a payload containing junk data, shellcode, and a return address to overwrite the stack, causing the application to crash or allowing arbitrary code to be executed.", "risk_and_exploitability": "The CVSS score of 8.6 signifies a high severity issue. Because exploitation requires local execution and the vulnerability is not listed in CISA\u2019s KEV catalog, exposure is limited to users who can run Yasr on the target machine. Nevertheless, once the local attacker supplies a malicious -p argument, they can achieve complete control of the application and potentially the underlying system."}}}}, "created": "2026-03-29T20:32:29.718534+00:00", "updated": "2026-03-30T06:59:24.203673+00:00", "vendors": ["yasr", "yasr$PRODUCT$yasr_screen_reader"]}