CVE-2016-4608
published 2016-07-22
CVE-2016-4608: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before…
critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud | < 5.2.1 | 5.2.1 |
| apple | icloud_for_windows | — | — |
| apple | ios | — | — |
| apple | iphone_os | < 9.3.3 | 9.3.3 |
| apple | itunes | < 12.4.2 | 12.4.2 |
| apple | itunes_12.4.2_for_windows | — | — |
| apple | mac_os_x | < 10.11.6 | 10.11.6 |
| apple | os_x_el_capitan_v10.11.6_and_security_update_2016-004 | — | — |
| apple | tvos | < 9.2.2 | 9.2.2 |
| apple | tvos | — | — |
| apple | watchos | < 2.2.2 | 2.2.2 |
| apple | watchos | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < libxslt 1.1.29-1 (bookworm) | libxslt 1.1.29-1 (bookworm) |
| fedoraproject | fedora | — | — |
| paloalto | pan-os | — | — |
| xmlsoft | libxslt | < 1.1.29 | 1.1.29 |
| xmlsoft | libxslt | <= 1.1.28 | — |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.29-1 | 1.1.29-1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.1 | 1.1.28-2ubuntu0.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.1 | 1.1.28-2.1ubuntu0.1 |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv · 9.8 · CRITICAL
Palo Alto
PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2025-02-12·CVSS 7.1
CVE-2015-5312 [HIGH] PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2015-5312, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4738, CVE-2018-1111, CVE-2018-14634, CVE-2018-18653, CVE-2019-0145, CVE-2019-8331, CVE-2020-0599, CVE-2020-14343, CVE-2020-14779, CVE-2020-27844, CVE-2020-29569, CVE-2021-21315, CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, CVE-2021-27862, CVE-2021-3618, CVE-2021-3711, CVE-2022-2097, CVE-2022-22816, CVE-2022-40303, CVE-2022-41723, CVE-2022-41741, CVE-2022-41742, CVE-2023-3247, CVE-2023-38408, CVE-2023-44466, CVE-2023-50781, CVE-2023-50782, CVE-2024-12084, CV
Red Hat
libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()
vendor_redhat·2016-07-21·CVSS 9.8
CVE-2016-4610 [CRITICAL] CWE-119 libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
Statement: Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.
This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5, 6 and 7 and was rated as having Moderated security impa
Red Hat
libxslt: allows remote attacker to cause denial of service
vendor_redhat·2016-07-21·CVSS 9.8
CVE-2016-4607 [CRITICAL] CWE-400 libxslt: allows remote attacker to cause denial of service
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
Statement: Initial assessment incorrectly noted RHEL8 as being affected, due to the lack of detail in all available reports, including upstream. Apple’s advisory provided no usable or meaningful information. Further investigation determined that upstream corrected this in version 1.1.29, via one of a number of security-relevant commits that
Red Hat
libxslt: Out-of-bounds read at xmlGetLineNoInternal()
vendor_redhat·2016-07-21·CVSS 9.8
CVE-2016-4609 [CRITICAL] CWE-119 libxslt: Out-of-bounds read at xmlGetLineNoInternal()
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
Statement: Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.
This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5, 6 and 7 and was rated as having Moderated security impact by the Red Hat
Red Hat
libxslt: stack-based buffer overflow at exsltDateFormat()
vendor_redhat·2016-07-21·CVSS 9.8
CVE-2016-4608 [CRITICAL] CWE-121 libxslt: stack-based buffer overflow at exsltDateFormat()
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
Statement: Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.
This issue affects the version of libxslt as shipped with Red Hat Enterprise Linux 5, 6 and 7 and was rated as having Moderated security impact by the Red
Apple
CVE-2016-4608: tvOS 9.2.2
vendor_apple·2016-07-18·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: tvOS 9.2.2
Apple Security Update: About the security content of tvOS 9.2.2
Product: tvOS
Version: 9.2.2
CVE: CVE-2016-4608
Component: Kernel
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference was addressed through improved input validation.
Apple
CVE-2016-4608: iTunes 12.4.2 for Windows
vendor_apple·2016-07-18·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: iTunes 12.4.2 for Windows
Apple Security Update: About the security content of iTunes 12.4.2 for Windows
Product: iTunes 12.4.2 for Windows
CVE: CVE-2016-4608
Component: About Apple security updates
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4608: iOS 9.3.3
vendor_apple·2016-07-18·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: iOS 9.3.3
Apple Security Update: About the security content of iOS 9.3.3
Product: iOS
Version: 9.3.3
CVE: CVE-2016-4608
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
Apple
CVE-2016-4608: OS X El Capitan v10.11.6 and Security Update 2016-004
vendor_apple·2016-07-18·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: OS X El Capitan v10.11.6 and Security Update 2016-004
Apple Security Update: About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004
Product: OS X El Capitan v10.11.6 and Security Update 2016-004
CVE: CVE-2016-4608
Component: LibreSSL
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.
Apple
CVE-2016-4608: watchOS 2.2.2
vendor_apple·2016-07-18·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: watchOS 2.2.2
Apple Security Update: About the security content of watchOS 2.2.2
Product: watchOS
Version: 2.2.2
CVE: CVE-2016-4608
Component: Libc
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.
Apple
CVE-2016-4608: iCloud for Windows 5.2.1
vendor_apple·2016-07-18·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: iCloud for Windows 5.2.1
Apple Security Update: About the security content of iCloud for Windows 5.2.1
Product: iCloud for Windows
Version: 5.2.1
CVE: CVE-2016-4608
Component: About Apple security updates
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed through improved memory handling.
Debian
CVE-2016-4610: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ...
vendor_debian·2016·CVSS 9.8
CVE-2016-4610 [CRITICAL] CVE-2016-4610: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ...
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
Scope: local
bookworm: resolved (fixed in 1.1.29-1)
bullseye: resolved (fixed in 1.1.29-1)
forky: resolved (fixed in 1.1.29-1)
sid: resolved (fixed in 1.1.29-1)
trixie: resolved (fixed in 1.1.29-1)
Debian
CVE-2016-4608: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ...
vendor_debian·2016·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ...
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
Scope: local
bookworm: resolved (fixed in 1.1.29-1)
bullseye: resolved (fixed in 1.1.29-1)
forky: resolved (fixed in 1.1.29-1)
sid: resolved (fixed in 1.1.29-1)
trixie: resolved (fixed in 1.1.29-1)
Debian
CVE-2016-4609: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ...
vendor_debian·2016·CVSS 9.8
CVE-2016-4609 [CRITICAL] CVE-2016-4609: libxslt - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on ...
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
Scope: local
bookworm: resolved (fixed in 1.1.29-1)
bullseye: resolved (fixed in 1.1.29-1)
forky: resolved (fixed in 1.1.29-1)
sid: resolved (fixed in 1.1.29-1)
trixie: resolved (fixed in 1.1.29-1)
GHSA
GHSA-fff3-43qr-9pr4: libxslt in Apple iOS before 9
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2016-4607 [CRITICAL] CWE-119 GHSA-fff3-43qr-9pr4: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
GHSA
GHSA-mwcf-3f34-j646: libxslt in Apple iOS before 9
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2016-4609 [CRITICAL] CWE-119 GHSA-mwcf-3f34-j646: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
GHSA
GHSA-wrmg-qxhg-jgv8: libxslt in Apple iOS before 9
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2016-4610 [CRITICAL] CWE-119 GHSA-wrmg-qxhg-jgv8: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
GHSA
GHSA-35w6-mr78-cpr4: libxslt in Apple iOS before 9
ghsa_unreviewed·2022-05-13·CVSS 9.8
CVE-2016-4608 [CRITICAL] CWE-119 GHSA-35w6-mr78-cpr4: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
OSV
CVE-2016-4610: libxslt in Apple iOS before 9
osv·2016-07-22·CVSS 9.8
CVE-2016-4610 [CRITICAL] CVE-2016-4610: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
OSV
CVE-2016-4609: libxslt in Apple iOS before 9
osv·2016-07-22·CVSS 9.8
CVE-2016-4609 [CRITICAL] CVE-2016-4609: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
OSV
CVE-2016-4607: libxslt in Apple iOS before 9
osv·2016-07-22·CVSS 9.8
CVE-2016-4607 [CRITICAL] CVE-2016-4607: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
OSV
CVE-2016-4608: libxslt in Apple iOS before 9
osv·2016-07-22·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608: libxslt in Apple iOS before 9
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 mingw-libxslt: various flaws [fedora-all]
bugzilla·2019-06-03·CVSS 9.8
CVE-2016-4607 [CRITICAL] CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 mingw-libxslt: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2016-4610 libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()
bugzilla·2019-06-03·CVSS 9.8
CVE-2016-4610 [CRITICAL] CVE-2016-4610 libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()
libxslt allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors, a different
vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and
CVE-2016-4612.
Reference:
http://seclists.org/oss-sec/2017/q2/385
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1716458]
Created mingw-libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1716459]
---
Upstream commit for this issue:
https://gitlab.gnome.org/GNOME/libxslt/commit/93bb314768aafaffad1df15bbee10b7c5423e283
---
The exsltDynMapFunction() function from libxslt before version 1.1.29 doesn't handle namespace entries corre
Bugzilla
CVE-2016-4607 libxslt: allows remote attacker to cause denial of service
bugzilla·2019-06-03·CVSS 9.8
CVE-2016-4607 [CRITICAL] CVE-2016-4607 libxslt: allows remote attacker to cause denial of service
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on
Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before
2.2.2 allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors, a different
vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and
CVE-2016-4612.
http://seclists.org/oss-sec/2017/q2/385
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1716458]
Created mingw-libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1716459]
---
Statement:
Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating S
Bugzilla
CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 libxslt: various flaws [fedora-all]
bugzilla·2019-06-03·CVSS 9.8
CVE-2016-4607 [CRITICAL] CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 libxslt: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions
Bugzilla
CVE-2016-4608 libxslt: stack-based buffer overflow at exsltDateFormat()
bugzilla·2019-06-03·CVSS 9.8
CVE-2016-4608 [CRITICAL] CVE-2016-4608 libxslt: stack-based buffer overflow at exsltDateFormat()
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on
Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before
2.2.2 allows remote attackers to cause a denial of service (memory corruption)
or possibly have unspecified other impact via unknown vectors, a different
vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and
CVE-2016-4612.
Reference:
http://seclists.org/oss-sec/2017/q2/385
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1716458]
Created mingw-libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1716459]
---
Upstream patch for this issue:
https://gitlab.gnome.org/GNOME/libxslt/commit/5d0c6565bab5
Bugzilla
CVE-2016-4609 libxslt: Out-of-bounds read at xmlGetLineNoInternal()
bugzilla·2019-05-29·CVSS 9.8
CVE-2016-4609 [CRITICAL] CVE-2016-4609 libxslt: Out-of-bounds read at xmlGetLineNoInternal()
libxslt before 9.3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and
CVE-2016-4612.
Reference:
https://seclists.org/oss-sec/2017/q2/385
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1714986]
Created mingw-libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1714987]
---
Upstream commit for this issue: https://git.gnome.org/browse/libxslt/commit/?id=8b90c9a699e0eaa98bbeec63a473ddc73aaa238c
---
There's a bug on libxsl before version 1.1.29 where a crafted xsl stylesheet and XML document lead to an out
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
http://www.securityfocus.com/bid/91826
http://www.securitytracker.com/id/1036348
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
https://support.apple.com/HT206899
https://support.apple.com/HT206901
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206904
https://support.apple.com/HT206905
Published 2016-07-22