CVE-2016-4738
published 2016-09-25CVE-2016-4738: libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of…
PriorityP346high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
4.15%
89.6th percentile
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 10.0 | 10.0 |
| apple | mac_os_x | < 10.12.0 | 10.12.0 |
| apple | macos_sierra | — | — |
| apple | tvos | < 10.0 | 10.0 |
| apple | tvos | — | — |
| apple | watchos | < 3.0 | 3.0 |
| apple | watchos_3 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxslt | < libxslt 1.1.29-2 (bookworm) | libxslt 1.1.29-2 (bookworm) |
| paloalto | pan-os | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.29-2 | 1.1.29-2 |
| xmlsoft | libxslt | >= 0 < 1.1.29-2 | 1.1.29-2 |
| xmlsoft | libxslt | >= 0 < 1.1.29-2 | 1.1.29-2 |
| xmlsoft | libxslt | >= 0 < 1.1.29-2 | 1.1.29-2 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2ubuntu0.1 | 1.1.28-2ubuntu0.1 |
| xmlsoft | libxslt | >= 0 < 1.1.28-2.1ubuntu0.1 | 1.1.28-2.1ubuntu0.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2025-02-12·CVSS 7.1
CVE-2015-5312 [HIGH] PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2025-0006 Informational Bulletin: Impact of OSS CVEs in PAN-OS
T he Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2015-5312, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4738, CVE-2018-1111, CVE-2018-14634, CVE-2018-18653, CVE-2019-0145, CVE-2019-8331, CVE-2020-0599, CVE-2020-14343, CVE-2020-14779, CVE-2020-27844, CVE-2020-29569, CVE-2021-21315, CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, CVE-2021-27862, CVE-2021-3618, CVE-2021-3711, CVE-2022-2097, CVE-2022-22816, CVE-2022-40303, CVE-2022-41723, CVE-2022-41741, CVE-2022-41742, CVE-2023-3247, CVE-2023-38408, CVE-2023-44466, CVE-2023-50781, CVE-2023-50782, CVE-2024-12084, CV
Ubuntu
Libxslt vulnerabilities
vendor_ubuntu·2017-04-28·CVSS 5.0
CVE-2015-7995 [MEDIUM] Libxslt vulnerabilities
Title: Libxslt vulnerabilities
Summary: Several security issues were fixed in Libxslt.
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possible execute arbitrary
code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbtrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() f
Red Hat
libxslt: Heap overread due to an empty decimal-separator
vendor_redhat·2016-10-12·CVSS 8.8
CVE-2016-4738 [HIGH] CWE-122 libxslt: Heap overread due to an empty decimal-separator
libxslt: Heap overread due to an empty decimal-separator
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Package: libxslt (Red Hat Enterprise Linux 5) - Will not fix
Package: libxslt (Red Hat Enterprise Linux 6) - Will not fix
Package: libxslt (Red Hat Enterprise Linux 7) - Will not fix
Package: libxslt (Red Hat Enterprise Linux OpenStack Platform 6 (Juno)) - Will not fix
Package: libxslt (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)) - Will not fix
Package: libxslt (Red Hat Enterprise MRG 2) - Will not fix
Package: libxslt (Red Hat Gluster Storage 3.1) - Will not fix
Package: libxslt (Red Hat OpenStack Platform
Apple
CVE-2016-4738: macOS Sierra 10.12
vendor_apple·2016-09-20·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738: macOS Sierra 10.12
Apple Security Update: About the security content of macOS Sierra 10.12
Product: macOS Sierra
Version: 10.12
CVE: CVE-2016-4738
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4738: tvOS 10
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738: tvOS 10
Apple Security Update: About the security content of tvOS 10
Product: tvOS
Version: 10
CVE: CVE-2016-4738
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4738: watchOS 3
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738: watchOS 3
Apple Security Update: About the security content of watchOS 3
Product: watchOS 3
CVE: CVE-2016-4738
Component: Kernel
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
Apple
CVE-2016-4738: iOS 10
vendor_apple·2016-09-13·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738: iOS 10
Apple Security Update: About the security content of iOS 10
Product: iOS
Version: 10
CVE: CVE-2016-4738
Component: Keyboards
Impact: Keyboard auto correct suggestions may reveal sensitive information
Description: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed through improved heuristics.
Debian
CVE-2016-4738: libxslt - libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS b...
vendor_debian·2016·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738: libxslt - libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS b...
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Scope: local
bookworm: resolved (fixed in 1.1.29-2)
bullseye: resolved (fixed in 1.1.29-2)
forky: resolved (fixed in 1.1.29-2)
sid: resolved (fixed in 1.1.29-2)
trixie: resolved (fixed in 1.1.29-2)
GHSA
GHSA-6r6p-3jh3-qx75: libxslt in Apple iOS before 10, OS X before 10
ghsa_unreviewed·2022-05-14
CVE-2016-4738 [HIGH] CWE-119 GHSA-6r6p-3jh3-qx75: libxslt in Apple iOS before 10, OS X before 10
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
OSV
libxslt vulnerabilities
osv·2017-04-28·CVSS 5.0
CVE-2017-5029 [MEDIUM] libxslt vulnerabilities
libxslt vulnerabilities
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. An attacker could use
this to craft a malicious document that, when opened, could cause a
denial of service (application crash) or possible execute arbitrary
code. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbtrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() function in Libxslt. An attacker
could use this to craft a malici
OSV
CVE-2016-4738: libxslt in Apple iOS before 10, OS X before 10
osv·2016-09-25·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738: libxslt in Apple iOS before 10, OS X before 10
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-4738 libxslt: Heap overread due to an empty decimal-separator
bugzilla·2016-10-26·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738 libxslt: Heap overread due to an empty decimal-separator
CVE-2016-4738 libxslt: Heap overread due to an empty decimal-separator
A heap overread vulnerability was found in xsltFormatNumberConversion function in libxslt. An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string.
Upstream patch:
https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
Discussion:
Created libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1388779]
---
Created mingw-libxslt tracking bugs for this issue:
Affects: fedora-all [bug 1388780]
Affects: epel-7 [bug 1388781]
---
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4738
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
---
Bugzilla
CVE-2016-4738 libxslt: Heap overread due to an empty decimal-separator [fedora-all]
bugzilla·2016-10-26·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738 libxslt: Heap overread due to an empty decimal-separator [fedora-all]
CVE-2016-4738 libxslt: Heap overread due to an empty decimal-separator [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versio
Bugzilla
CVE-2016-4738 mingw-libxslt: libxslt: Heap overread due to an empty decimal-separator [fedora-all]
bugzilla·2016-10-26·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738 mingw-libxslt: libxslt: Heap overread due to an empty decimal-separator [fedora-all]
CVE-2016-4738 mingw-libxslt: libxslt: Heap overread due to an empty decimal-separator [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple s
Bugzilla
CVE-2016-4738 mingw-libxslt: libxslt: Heap overread due to an empty decimal-separator [epel-7]
bugzilla·2016-10-26·CVSS 8.8
CVE-2016-4738 [HIGH] CVE-2016-4738 mingw-libxslt: libxslt: Heap overread due to an empty decimal-separator [epel-7]
CVE-2016-4738 mingw-libxslt: libxslt: Heap overread due to an empty decimal-separator [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00010.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttp://www.debian.org/security/2016/dsa-3709http://www.securityfocus.com/bid/93054http://www.securitytracker.com/id/1036858https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/https://support.apple.com/HT207141https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207170http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00010.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttp://www.debian.org/security/2016/dsa-3709http://www.securityfocus.com/bid/93054http://www.securitytracker.com/id/1036858https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/https://support.apple.com/HT207141https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207170
2016-09-25
Published