CVE-2016-0718
Published 2016-05-26
Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Affected
35 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| apple | mac_os_x | 10.11.0 – 10.11.5 | — |
| apple | os_x_el_capitan_v10.11.6_and_security_update_2016-004 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | firefox | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | firefox-esr | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | libxmltok | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| eset | endpoint_antivirus | — | — |
| eset | endpoint_security | — | — |
| | android | — | — |
| libexpat_project | libexpat | < 2.2.0 | 2.2.0 |
| mcafee | policy_auditor | < 6.5.1 | 6.5.1 |
| mozilla | firefox | < 48.0 | 48.0 |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.14.04.1 | 48.0+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 48.0+build2-0ubuntu0.16.04.1 | 48.0+build2-0ubuntu0.16.04.1 |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| python | python | >= 2.7.0 < 2.7.15 | 2.7.15 |
| python | python | >= 3.3.0 < 3.3.7 | 3.3.7 |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd v3.0 5.9 MEDIUM CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv 9.8 CRITICAL