CVE-2016-4658

Updated: 2023-11-04 20:23:20.547111

Description:

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 10 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | libxml2 | 2.7.6 | 9.8 | CRITICAL | Released | CLSA-2023:1699381307 | 2023-11-20 08:30:55 |
| CentOS 7 ELS | libxml2 | 2.9.1 | 9.8 | CRITICAL | Already Fixed | | 2023-11-02 14:09:20 |
| CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 9.8 | CRITICAL | Already Fixed | | 2023-11-02 14:09:20 |
| CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 9.8 | CRITICAL | Already Fixed | | 2023-11-02 14:09:21 |
| CloudLinux 6 ELS | libxml2 | 2.7.6 | 9.8 | CRITICAL | Released | CLSA-2023:1699381823 | 2023-11-20 08:30:54 |
| Oracle Linux 6 ELS | libxml2 | 2.7.6 | 9.8 | CRITICAL | Released | CLSA-2023:1699393971 | 2023-11-07 20:42:17 |
| Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 9.8 | CRITICAL | Already Fixed | | 2023-11-02 14:09:21 |
| Ubuntu 18.04 ELS | libxml2 | 2.9.4 | 9.8 | CRITICAL | Already Fixed | | 2023-11-02 14:09:21 |