cbcvebase.
CVE-2016-1835
published 2016-05-20

CVE-2016-1835: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows…

PriorityP343high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
5.13%
91.3th percentile
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

Affected

16 ranges
VendorProductVersion rangeFixed in
appleios
appleiphone_os<= 9.3.1
applemac_os_x<= 10.11.4
appleos_x_el_capitan_v10.11.5_and_security_update_2016-003
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianlibxml2< libxml2 2.9.3+dfsg1-1.1 (bookworm)libxml2 2.9.3+dfsg1-1.1 (bookworm)
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1.12.9.3+dfsg1-1.1
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1.12.9.3+dfsg1-1.1
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1.12.9.3+dfsg1-1.1
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1.12.9.3+dfsg1-1.1
xmlsoftlibxml2>= 0 < 2.9.1+dfsg1-3ubuntu4.82.9.1+dfsg1-3ubuntu4.8
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1ubuntu0.12.9.3+dfsg1-1ubuntu0.1

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.