Severity: 7.5 HIGH
EPSS: 1.3% (top 20.51%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 11; latest update May 13

Description

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: xmlsoft/libxml2 < 2.9.4
Debian: libxml2 < 2.9.3+dfsg1-1.1+3
NVD: oracle/solaris 11.3

Also affects: Debian Linux 8.0

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-xr2r-hh4x-gv58: The xmlBufAttrSerializeTxtContent function in xmlsave (2022-05-13)
OSV: CVE-2016-4483: The xmlBufAttrSerializeTxtContent function in xmlsave (2017-04-11)
CVEList: CVE-2016-4483: The xmlBufAttrSerializeTxtContent function in xmlsave (2017-04-11)

📋 Vendor Advisories (10)

Apple: CVE-2016-4483: watchOS 2.2.2 (2016-07-18)
Apple: CVE-2016-4483: iCloud for Windows 5.2.1 (2016-07-18)
Apple: CVE-2016-4483: OS X El Capitan v10.11.6 and Security Update 2016-004 (2016-07-18)
Apple: CVE-2016-4483: iTunes 12.4.2 for Windows (2016-07-18)
Apple: CVE-2016-4483: iOS 9.3.3 (2016-07-18)

💬 Community (5)

Bugzilla: CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (2016-12-22)
Bugzilla: CVE-2016-4483 libxml2: out-of-bounds read [fedora-all] (2016-05-04)
Bugzilla: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read [fedora-all] (2016-05-04)
Bugzilla: CVE-2016-4483 libxml2: out-of-bounds read (2016-05-04)
Bugzilla: CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read [epel-7] (2016-05-04)