CVE-2016-1761Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents3 sources
Severity
9.8CRITICALNVD
EPSS
14.0%
top 5.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple Iphone OSApple MAC OS XApple Watchos+2 more
Timeline
PublishedMar 24
Latest updateMay 17

Description

libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDapple/watchos2.1
Appleapple/watchos2.2
NVDapple/mac_os_x10.11.3
NVDapple/iphone_os9.2.1
Appleapple/ios9.3

🔴Vulnerability Details

1
GHSA
GHSA-3f3v-mh9q-2pxq: libxml2 in Apple iOS before 92022-05-17

📋Vendor Advisories

3
Apple
CVE-2016-1761: OS X El Capitan v10.11.4 and Security Update 2016-002
Apple
CVE-2016-1761: watchOS 2.2
Apple
CVE-2016-1761: iOS 9.3