Description
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Buffer Overflow enabling arbitrary code execution with user privileges
Action: Immediate Patch
AI Analysis

Impact

PInfo 0.6.9-5.1 contains a local buffer overflow that can be triggered by supplying an oversized argument to the -m parameter. The attacker crafts an input string consisting of 564 bytes of padding followed by a return address, thereby overwriting the instruction pointer and executing arbitrary shellcode. The vulnerability therefore allows an attacker with local user privileges to run code of their choice within the context of that user.

Affected Systems

The vulnerability affects the PInfo utility, specifically the 0.6.9-5.1 release. Users of this version, followed by those who have not installed newer releases or the patched package from Debian or the upstream project, are impacted.

Risk and Exploitability

The CVSS community score of 8.6 indicates high severity, and the attack vector is local, requiring an attacker to be able to execute commands on the affected system. No EPSS score is supplied, and the issue is not listed in the CISA KEV catalog, but the nature of the overflow allows an attacker to gain arbitrary code execution with the privileges of the running user. As such, the risk is high for systems where PInfo is installed and the -m option is used.

Generated by OpenCVE AI on March 28, 2026 at 13:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update PInfo to a fixed version released after 0.6.9-5.1.
  • If an update is not immediately available, remove or avoid use of the -m parameter until the issue is resolved.

Generated by OpenCVE AI on March 28, 2026 at 13:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Pinfo
Pinfo pinfo
Vendors & Products Pinfo
Pinfo pinfo

Sat, 28 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Description PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
Title PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Pinfo Pinfo
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T15:51:04.916Z

Reserved: 2026-03-28T11:37:07.937Z

Link: CVE-2016-20044

cve-icon Vulnrichment

Updated: 2026-03-30T15:50:59.329Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-28T12:16:00.447

Modified: 2026-03-30T13:26:07.647

Link: CVE-2016-20044

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T06:59:21Z

Weaknesses