CVE-2016-1834
Severity
7.8HIGH
EPSS
2.4%
top 15.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateMay 14
Description
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages10 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.2, 7.3, 7.4, 7.6, 7.5
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-5248-m677-h7p5: Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2↗2022-05-14
OSV
▶
CVEList
▶
📋Vendor Advisories
7💬Community
3Bugzilla▶
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a↗2016-06-24
Bugzilla▶
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe↗2016-06-24