Published: 20/05/2016 Updated: 25/03/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The xmlPArserPrintFileContextInternal function in libxml2 prior to 2.9.4, as used in Apple iOS prior to 9.3.2, OS X prior to 10.11.5, tvOS prior to 9.2.1, and watchOS prior to 2.2.1, allows remote malicious users to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 16.04
canonical ubuntu linux 15.10
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
debian debian linux 8.0
apple iphone os
apple mac os x
apple tvos
apple watchos
redhat enterprise linux server eus 7.2
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server aus 7.6
redhat enterprise linux server tus 7.3
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.3
redhat enterprise linux server 7.0
redhat enterprise linux server tus 7.6
redhat enterprise linux server tus 7.2
redhat enterprise linux server eus 7.6
redhat enterprise linux server eus 7.4
redhat enterprise linux server 6.0
mcafee web gateway
xmlsoft libxml2

Synopsis Important: Red Hat JBoss Core Services Apache HTTP 2423 Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systemsRed Hat Product Security has rated this release as ...

Several security issues were fixed in libxml2 ...

Debian Bug report logs - #823414 libxml2: CVE-2016-3705: stack overflow before detecting invalid XML file Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 May 2016 14:09:02 UTC ...

Debian Bug report logs - #813613 libxml2: Heap-buffer overread in libxml2/dictc Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Feb 2016 17:30:02 UTC Severity: important Tags: ...

Debian Bug report logs - #812807 libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex() Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 26 Jan 2016 19:03:02 UTC Seve ...

Debian Bug report logs - #823405 libxml2: CVE-2016-4483 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 May 2016 12:33:02 UTC Severity: important Tags: security, upstream Foun ...

Debian Bug report logs - #819006 libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover mode Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 22 Mar 2016 1 ...

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application (CVE-2016-1 ...

The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...

Source: codegooglecom/p/google-security-research/issues/detail?id=639 The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of latest stable libxml2 (293, released 4 days ago), by feeding a malformed file to xmllint ("$ /xmllint /path/to/file"): --- cut --- ==4210==ERROR: AddressSanitizer: ...

CWE-125 https://support.apple.com/HT206566 http://lists.apple.com/archives/security-announce/2016/May/msg00003.html https://support.apple.com/HT206567 https://support.apple.com/HT206568 https://support.apple.com/HT206564 http://lists.apple.com/archives/security-announce/2016/May/msg00001.html http://lists.apple.com/archives/security-announce/2016/May/msg00002.html http://lists.apple.com/archives/security-announce/2016/May/msg00004.html https://www.debian.org/security/2016/dsa-3593 http://www.ubuntu.com/usn/USN-2994-1 https://access.redhat.com/errata/RHSA-2016:1292 https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 https://bugs.chromium.org/p/project-zero/issues/detail?id=639 https://bugzilla.gnome.org/show_bug.cgi?id=758588 http://xmlsoft.org/news.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securitytracker.com/id/1035890 https://kc.mcafee.com/corporate/index?page=content&id=SB10170 https://www.tenable.com/security/tns-2016-18 https://security.gentoo.org/glsa/201701-37 http://www.securityfocus.com/bid/90691 http://rhn.redhat.com/errata/RHSA-2016-2957.html https://access.redhat.com/errata/RHSA-2016:2957 https://usn.ubuntu.com/2994-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/39493/

Get Started

CVE-2016-1838

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect