Apple · Tvos · CVE-2016-1834
**Name of the Vulnerable Software and Affected Versions**
libxml2 versions prior to 2.9.4
Apple iOS versions prior to 9.3.2
OS X versions prior to 10.11.5
tvOS versions prior to 9.2.1
watchOS versions prior to 2.2.1
**Description**
The issue is caused by a heap-based buffer overflow in the `xmlStrncat` function, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
**Recommendations**
For libxml2 versions prior to 2.9.4, update to version 2.9.4 or later.
For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later.
For OS X versions prior to 10.11.5, update to version 10.11.5 or later.
For tvOS versions prior to 9.2.1, update to version 9.2.1 or later.
For watchOS versions prior to 2.2.1, update to version 2.2.1 or later.