7.5
CVE-2016-4447
- EPSS 13.98%
- Veröffentlicht 09.06.2016 16:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp ≫ Icewall Federation Agent Version3.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Mcafee ≫ Web Gateway Version >= 7.5.0.0 <= 7.5.2.10
Mcafee ≫ Web Gateway Version >= 7.6.0.0 <= 7.6.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.98% | 0.961 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://xmlsoft.org/news.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
https://support.apple.com/HT206899
https://support.apple.com/HT206901
https://support.apple.com/HT206902
https://support.apple.com/HT206903
https://support.apple.com/HT206904
https://support.apple.com/HT206905
https://www.tenable.com/security/tns-2016-18
http://www.ubuntu.com/usn/USN-2994-1
https://www.debian.org/security/2016/dsa-3593
https://access.redhat.com/errata/RHSA-2016:1292
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
http://www.securitytracker.com/id/1036348
http://www.openwall.com/lists/oss-security/2016/05/25/2
http://www.securityfocus.com/bid/90864
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709