Cyber Posture

CVE-2016-20040

High · Public PoC

Published: 28 March 2026

Modified: 01 May 2026
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (7.1th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

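CVE-2016-20040 is a high-severity vulnerability in Ticalc (product inferred from references), recorded as Path Traversal (CWE-22). Its CVSS base score is 8.4 (High). Note that the NVD description on this page describes a stack buffer overflow in ROM parameter handling, not a path traversal, so do not triage on the CWE label alone.

Operationally, it is ranked at the 7.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.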

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly validates and sanitizes oversized ROM parameters to prevent stack buffer overflows in the tiemu command-line interface.

prevent

Implements memory protections like stack canaries, ASLR, and DEP to block exploitation of stack buffer overflows that overwrite the instruction pointer.

prevent

Ensures timely remediation of the buffer overflow flaw in TiEmu through vulnerability monitoring, scanning, and patching.

NVD Description

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.

Deeper analysis [AI]

CVE-2016-20040 is a buffer overflow vulnerability in TiEmu version 3.03-nogdb+dfsg-3, affecting the ROM parameter handling in the tiemu command-line interface. The flaw occurs when an oversized ROM parameter is supplied, leading to a stack buffer overflow that overwrites the instruction pointer with attacker-controlled addresses. This issue is classified under CWE-22 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Local attackers can exploit this vulnerability by providing a maliciously crafted oversized ROM parameter to the tiemu command-line interface. No user privileges or interaction are required, enabling low-complexity attacks that result in application crashes or arbitrary code execution on the affected system, with high impacts to confidentiality, integrity, and availability.

Advisories and references, including those from VulnCheck at https://www.vulncheck.com/advisories/tiemu-nogdb-dfsg-3-buffer-overflow-via-rom-parameter and an Exploit-DB entry at https://www.exploit-db.com/exploits/39692, detail the vulnerability and proof-of-concept exploit. The TiEmu project page at http://lpg.ticalc.org/prj_tiemu/ provides additional context on the software. No specific patches or mitigations are described in the CVE details.

Details

CWE(s)

Affected Products

Ticalc (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-23536 (shared CWE-22)
CVE-2025-23422 (shared CWE-22)
CVE-2024-48885 (shared CWE-22)
CVE-2024-12849 (shared CWE-22)
CVE-2026-33656 (shared CWE-22)
CVE-2025-8343 (shared CWE-22)
CVE-2025-59384 (shared CWE-22)
CVE-2026-3051 (shared CWE-22)
CVE-2025-15031 (shared CWE-22)
CVE-2025-12062 (shared CWE-22)

References