Published: 23/07/2016 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in libxml2 up to and including 2.9.4, as used in Google Chrome prior to 52.0.2743.82, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
xmlsoft libxml2
apple watchos
apple tvos
apple iphone os
apple mac os x
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0
suse linux enterprise 12.0
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2
debian debian linux 8.0
debian debian linux 9.0

Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2429 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2429 packages for Microsoft Windows and Oracle Solaris are now availableRed Hat Product Security has rated this release ...

Synopsis Moderate: libxml2 security update Type/Severity Security Advisory: Moderate Topic An update for libxml2 is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Debian Bug report logs - #840553 libxml2: CVE-2016-4658 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 12 Oct 2016 18:18:02 UTC Severity: grave Tags: fixed-upstream, patch, secur ...

Debian Bug report logs - #840554 libxml2: CVE-2016-5131 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 12 Oct 2016 18:21:01 UTC Severity: grave Tags: fixed-upstream, patch, secur ...

Several vulnerabilities have been discovered in the chromium web browser CVE-2016-1704 The chrome development team found and fixed various issues during internal auditing CVE-2016-1705 The chrome development team found and fixed various issues during internal auditing CVE-2016-1706 Pinkie Pie discovered a way to escape the P ...

Several security issues were fixed in libxml2 ...

Several security issues were fixed in Oxide ...

A NULL pointer dereference vulnerability exists in the xpathc:xmlXPathCompOpEval() function of libxml2 through 298 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...

Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use-after-free and allow control of the instruction pointer ...

Critical Infrastructure Sectors: Critical Manufacturing

CVE-2016-5131

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect