CVE-2016-1838

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.4 Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 Apple watchOS versions prior to 2.2.1

Description The issue is caused by a buffer overflow in the libxml2 library, which can be exploited by a remote attacker using a specially crafted XML document. This can lead to the execution of arbitrary code or a denial of service due to memory damage. The xmlPArserPrintFileContextInternal function is specifically vulnerable to a heap-based buffer over-read.

Recommendations For libxml2 versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue. For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For Apple watchOS versions prior to 2.2.1, update to version 2.2.1 or later. As a temporary workaround, consider restricting the use of the xmlPArserPrintFileContextInternal function until a patch is available. Avoid using specially crafted XML documents that could exploit the buffer overflow vulnerability.