CVE-2016-2073

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation13 documents8 sources

Severity

6.5MEDIUM

EPSS

1.3%

top 20.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Canonical Ubuntu Linux Debian Debian Linux

Timeline

PublishedFeb 12

Latest updateMay 13

Description

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDxmlsoft/libxml2< 2.9.4

▶Debianlibxml2< 2.9.3+dfsg1-1.1+3

▶Ubuntulibxml2< 2.9.1+dfsg1-3ubuntu4.8+1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

GHSA

GHSA-4m8g-g68p-w333: The htmlParseNameComplex function in HTMLparser↗2022-05-13

▶

OSV

libxml2 vulnerabilities↗2016-06-06

▶

CVEList

CVE-2016-2073: The htmlParseNameComplex function in HTMLparser↗2016-02-12

▶

OSV

CVE-2016-2073: The htmlParseNameComplex function in HTMLparser↗2016-02-12

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2016-06-06

▶

Red Hat

libxml2: out-of-bounds read in htmlParseNameComplex()↗2016-01-25

▶

Debian

CVE-2016-2073: libxml2 - The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to...↗2016

▶

💬Community

Bugzilla

CVE-2015-8806 libxml2: heap-buffer overread in dict.c↗2016-02-04

▶

Bugzilla

CVE-2016-2073 mingw-libxml2: libxml2: out-of-bounds read in htmlParseNameComplex() [epel-7]↗2016-01-26

▶

Bugzilla

CVE-2016-2073 mingw-libxml2: libxml2: out-of-bounds read in htmlParseNameComplex() [fedora-all]↗2016-01-26

▶

Bugzilla

CVE-2016-2073 libxml2: out-of-bounds read in htmlParseNameComplex()↗2016-01-26

▶

Bugzilla

CVE-2016-2073 libxml2: out-of-bounds read in htmlParseNameComplex() [fedora-all]↗2016-01-26

▶