CVE-2016-5131
published 2016-07-23CVE-2016-5131: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 10.0 | 10.0 |
| apple | mac_os_x | < 10.12 | 10.12 |
| apple | macos_sierra | — | — |
| apple | tvos | < 10.0 | 10.0 |
| apple | tvos | — | — |
| apple | watchos | < 3.0 | 3.0 |
| apple | watchos_3 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.4+dfsg1-2.1 (bookworm) | libxml2 2.9.4+dfsg1-2.1 (bookworm) |
| android | — | — | |
| chrome | < 52.0.2743.82 | 52.0.2743.82 | |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise | — | — |
| xmlsoft | libxml2 | <= 2.9.4 | — |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-2.1 | 2.9.4+dfsg1-2.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-2.1 | 2.9.4+dfsg1-2.1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv9.8CRITICAL