CVE-2016-1683

CWE-119Buffer Overflow19 documents9 sources
Severity
7.5HIGH
EPSS
1.0%
top 23.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Google ChromeXmlsoft LibxsltCanonical Ubuntu Linux+7 more
Timeline
PublishedJun 5
Latest updateMay 14

Description

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages8 packages

NVDgoogle/chrome50.0.2661.102
Debianlibxslt< 1.1.29-1+3
NVDxmlsoft/libxslt1.1.28
NVDopensuse/leap42.1

Also affects: Debian Linux 8.0, Linux Enterprise 12.0, Ubuntu Linux 14.04, 15.10, 16.04

🔴Vulnerability Details

4
GHSA
GHSA-9vpp-7p89-rxc5: numbers2022-05-14
OSV
libxslt vulnerabilities2017-04-28
CVEList
CVE-2016-1683: numbers2016-06-05
OSV
CVE-2016-1683: numbers2016-06-05

📋Vendor Advisories

10
Ubuntu
Libxslt vulnerabilities2017-04-28
Apple
CVE-2016-1683: OS X El Capitan v10.11.6 and Security Update 2016-0042016-07-18
Apple
CVE-2016-1683: iCloud for Windows 5.2.12016-07-18
Apple
CVE-2016-1683: iOS 9.3.32016-07-18
Apple
CVE-2016-1683: watchOS 2.2.22016-07-18

💬Community

4
Bugzilla
CVE-2016-1684 CVE-2016-1683 mingw-libxslt: various flaws in libxslt [epel-7]2016-06-24
Bugzilla
CVE-2016-1684 CVE-2016-1683 mingw-libxslt: various flaws in libxslt [fedora-all]2016-06-24
Bugzilla
CVE-2016-1683 CVE-2016-1684 libxslt: various flaws [fedora-all]2016-06-24
Bugzilla
CVE-2016-1683 chromium-browser: out-of-bounds access in libxslt2016-05-26
CVE-2016-1683 (HIGH CVSS 7.5) | numbers.c in libxslt before 1.1.29 | cvebase.io