CVE-2016-1840
Severity
7.8HIGH
EPSS
2.1%
top 15.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateMay 14
Description
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages10 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.2, 7.3, 7.4, 7.6, 7.5
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-7v3g-4pq5-c565: Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2↗2022-05-14
OSV▶
CVE-2016-1840: Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2↗2016-05-20
CVEList▶
CVE-2016-1840: Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2↗2016-05-20
📋Vendor Advisories
7Debian▶
CVE-2016-1840: libxml2 - Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 bef...↗2016
💬Community
3Bugzilla▶
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a↗2016-06-24
Bugzilla▶
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe↗2016-06-24