CVE-2016-4607

CWE-119 — Buffer Overflow CWE-400 — Uncontrolled Resource Consumption CWE-121 — Stack-based Buffer Overflow20 documents7 sources

Severity

9.8CRITICAL

EPSS

3.1%

top 13.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Iphone OS Apple Itunes +5 more

Timeline

PublishedJul 22

Latest updateMay 13

Description

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDapple/tvos< 9.2.2

▶NVDapple/icloud< 5.2.1

▶NVDapple/itunes< 12.4.2

▶NVDapple/watchos< 2.2.2

▶NVDapple/mac_os_x< 10.11.6

Also affects: Fedora 30

🔴Vulnerability Details

GHSA

GHSA-fff3-43qr-9pr4: libxslt in Apple iOS before 9↗2022-05-13

▶

CVEList

CVE-2016-4607: libxslt in Apple iOS before 9↗2016-07-22

▶

OSV

CVE-2016-4607: libxslt in Apple iOS before 9↗2016-07-22

▶

📋Vendor Advisories

Red Hat

libxslt: allows remote attacker to cause denial of service↗2016-07-21

▶

Red Hat

libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()↗2016-07-21

▶

Red Hat

libxslt: Out-of-bounds read at xmlGetLineNoInternal()↗2016-07-21

▶

Red Hat

libxslt: stack-based buffer overflow at exsltDateFormat()↗2016-07-21

▶

Apple

CVE-2016-4607: iCloud for Windows 5.2.1↗2016-07-18

▶

💬Community

Bugzilla

CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 mingw-libxslt: various flaws [fedora-all]↗2019-06-03

▶

Bugzilla

CVE-2016-4610 libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()↗2019-06-03

▶

Bugzilla

CVE-2016-4607 libxslt: allows remote attacker to cause denial of service↗2019-06-03

▶

Bugzilla

CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 libxslt: various flaws [fedora-all]↗2019-06-03

▶

Bugzilla

CVE-2016-4608 libxslt: stack-based buffer overflow at exsltDateFormat()↗2019-06-03

▶