CVE-2016-4610

CWE-119 — Buffer Overflow CWE-400 — Uncontrolled Resource Consumption CWE-121 — Stack-based Buffer Overflow21 documents8 sources

Severity

9.8CRITICAL

EPSS

5.6%

top 9.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud Apple Itunes Xmlsoft Libxslt +2 more

Timeline

PublishedJul 22

Latest updateMay 13

Description

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDapple/icloud< 5.2.1

▶NVDapple/itunes< 12.4.2

▶NVDxmlsoft/libxslt< 1.1.29

▶Debianlibxslt< 1.1.29-1+3

Also affects: Debian Linux 8.0, Fedora 30

🔴Vulnerability Details

GHSA

GHSA-wrmg-qxhg-jgv8: libxslt in Apple iOS before 9↗2022-05-13

▶

OSV

CVE-2016-4610: libxslt in Apple iOS before 9↗2016-07-22

▶

CVEList

CVE-2016-4610: libxslt in Apple iOS before 9↗2016-07-22

▶

📋Vendor Advisories

Red Hat

libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()↗2016-07-21

▶

Red Hat

libxslt: allows remote attacker to cause denial of service↗2016-07-21

▶

Red Hat

libxslt: Out-of-bounds read at xmlGetLineNoInternal()↗2016-07-21

▶

Red Hat

libxslt: stack-based buffer overflow at exsltDateFormat()↗2016-07-21

▶

Apple

CVE-2016-4610: tvOS 9.2.2↗2016-07-18

▶

💬Community

Bugzilla

CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 mingw-libxslt: various flaws [fedora-all]↗2019-06-03

▶

Bugzilla

CVE-2016-4610 libxslt: Invalid memory access leading to DoS at exsltDynMapFunction()↗2019-06-03

▶

Bugzilla

CVE-2016-4607 libxslt: allows remote attacker to cause denial of service↗2019-06-03

▶

Bugzilla

CVE-2016-4607 CVE-2016-4608 CVE-2016-4610 libxslt: various flaws [fedora-all]↗2019-06-03

▶

Bugzilla

CVE-2016-4608 libxslt: stack-based buffer overflow at exsltDateFormat()↗2019-06-03

▶