Published: 07/04/2016 Updated: 17/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C prior to 3.1.3 allow remote malicious users to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache xerces-c\\\\\\+\\\\\\+
fedoraproject fedora 22
fedoraproject fedora 23
fedoraproject fedora 24

Debian Bug report logs - #815907 xerces-c: CVE-2016-0729 Package: src:xerces-c; Maintainer for src:xerces-c is William Blough <bblough@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 25 Feb 2016 15:03:02 UTC Severity: grave Tags: fixed-upstream, patch, security, upstream Found in versio ...

Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting These flaws could lead to a denial of service in applications using the xerces-c library, or potentially, to the execution of arbitrary code Fo ...

CWE-119 https://issues.apache.org/jira/browse/XERCESC-2061 http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html http://www.debian.org/security/2016/dsa-3493 http://svn.apache.org/viewvc?view=revision&revision=1727978 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html http://www.securityfocus.com/bid/83423 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html https://security.gentoo.org/glsa/201612-46 http://www.securitytracker.com/id/1035113 http://www.securityfocus.com/archive/1/537620/100/0/threaded http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815907 https://nvd.nist.gov https://www.debian.org/security/./dsa-3493

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-0729

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect