Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2016-4483

Published: 11/04/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libxml2

Vulnerability Summary

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent malicious users to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xmlsoft libxml2

debian debian linux 8.0

oracle solaris 11.3

Vendor Advisories

Ubuntu Security Notice: libxml2 vulnerabilities
Several security issues were fixed in libxml2 ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release
Synopsis Important: Red Hat JBoss Core Services Apache HTTP 2423 Release Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services httpd 2423 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systemsRed Hat Product Security has rated this release as ...
Debian CVElist Bug Report Logs: libxml2: CVE-2016-3705: stack overflow before detecting invalid XML file
Debian Bug report logs - #823414 libxml2: CVE-2016-3705: stack overflow before detecting invalid XML file Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 May 2016 14:09:02 UTC ...
Debian CVElist Bug Report Logs: libxml2: Heap-buffer overread in libxml2/dict.c
Debian Bug report logs - #813613 libxml2: Heap-buffer overread in libxml2/dictc Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Feb 2016 17:30:02 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex()
Debian Bug report logs - #812807 libxml2: CVE-2016-2073: out-of-bounds read in htmlParseNameComplex() Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 26 Jan 2016 19:03:02 UTC Seve ...
Debian CVElist Bug Report Logs: libxml2: CVE-2016-4483
Debian Bug report logs - #823405 libxml2: CVE-2016-4483 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 May 2016 12:33:02 UTC Severity: important Tags: security, upstream Foun ...
Debian CVElist Bug Report Logs: libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover mode
Debian Bug report logs - #819006 libxml2: CVE-2016-3627: stack exhaustion in libxml2 parsing xml files in recover mode Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 22 Mar 2016 1 ...
Red Hat: CVE-2016-4483
The xmlBufAttrSerializeTxtContent function in xmlsavec in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization NOTE: this vulnerability may be a duplicate of CVE-2016-3627 ...
Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities
The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...

References

CWE-502https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfdhttp://www.openwall.com/lists/oss-security/2016/06/07/5http://www.openwall.com/lists/oss-security/2016/06/07/4http://www.openwall.com/lists/oss-security/2016/05/04/7http://www.openwall.com/lists/oss-security/2016/05/03/8http://www.debian.org/security/2016/dsa-3593http://www.securityfocus.com/bid/90013https://www.tenable.com/security/tns-2016-18http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttps://security.gentoo.org/glsa/201701-37http://www.securitytracker.com/id/1036348http://rhn.redhat.com/errata/RHSA-2016-2957.htmlhttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://usn.ubuntu.com/2994-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook