CVE-2016-4448

EPSS 1.2%
Published 09.06.2016 16:59:06
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 30

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ Icewall Federation Agent Version3.0

Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0

Apple ≫ watchOS Version <= 2.2.1

Apple ≫ macOS X Version < 10.11.6

Xmlsoft ≫ Libxml2 Version <= 2.9.3

Apple ≫ iCloud Version < 5.2.1

Microsoft ≫ Windows Version-

Apple ≫ iPhone OS Version <= 9.3.2

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.2

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Eus Version7.2

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version7.2

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Apple ≫ iTunes Version <= 12.4.1

Microsoft ≫ Windows

Slackware ≫ Slackware Linux Version14.0

Slackware ≫ Slackware Linux Version14.1

Oracle ≫ Vm Server Version3.3

Oracle ≫ Vm Server Version3.4

Apple ≫ tvOS Version <= 9.2.1

Tenable ≫ Log Correlation Engine Version4.8.0

Mcafee ≫ Web Gateway Version <= 7.5.2.10

Mcafee ≫ Web Gateway Version >= 7.6.0.0 <= 7.6.2.3

Oracle ≫ Linux Version6

Oracle ≫ Linux Version7 Update0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.2%	0.783

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://xmlsoft.org/news.html

Release Notes

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-2957.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Third Party Advisory

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

Mailing List

Release Notes

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

Mailing List

Release Notes

http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

Mailing List

Release Notes

http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

Mailing List

Release Notes

http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

Mailing List

Release Notes

https://support.apple.com/HT206899

Release Notes

https://support.apple.com/HT206901

Release Notes

https://support.apple.com/HT206902

Release Notes

https://support.apple.com/HT206903

Release Notes

https://support.apple.com/HT206904

Release Notes

https://support.apple.com/HT206905

Release Notes

https://www.tenable.com/security/tns-2016-18

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1292

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

Third Party Advisory

http://www.securitytracker.com/id/1036348

Third Party Advisory

VDB Entry

http://www.openwall.com/lists/oss-security/2016/05/25/2

Third Party Advisory

Mailing List

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

Third Party Advisory

http://www.securityfocus.com/bid/90856

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1338700

Third Party Advisory

Issue Tracking

https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9

Vendor Advisory

https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-4448

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-4448

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-4448

EUVD