CVE-2016-1833
Severity
5.5MEDIUM
EPSS
1.2%
top 20.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateMay 14
Description
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages10 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.2, 7.3, 7.4, 7.6, 7.5
Patches
🔴Vulnerability Details
3📋Vendor Advisories
7Debian▶
CVE-2016-1833: libxml2 - The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS befor...↗2016
💬Community
4Bugzilla▶
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a↗2016-06-24
Bugzilla▶
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe↗2016-06-24
Bugzilla▶
CVE-2016-3107 pulp: Node certificate containing private key stored in world-readable file↗2016-04-11