PT-2016-2793 · Apple+2 · Libxslt+6

Nick Wellnhofer · Published 2016-09-25 · Updated 2026-03-13 · CVE-2016-4738

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
libxslt in Apple iOS versions prior to 10
libxslt in Apple OS X versions prior to 10.12
libxslt in Apple tvOS versions prior to 10
libxslt in Apple watchOS versions prior to 3

Description
The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by a buffer overflow in the libxslt component of the operating systems, which can be exploited by a remote attacker using a specially crafted web site.

Recommendations
For libxslt in Apple iOS versions prior to 10, update to iOS 10 or later.
For libxslt in Apple OS X versions prior to 10.12, update to OS X 10.12 or later.
For libxslt in Apple tvOS versions prior to 10, update to tvOS 10 or later.
For libxslt in Apple watchOS versions prior to 3, update to watchOS 3 or later.

Fix

DoS

RCE

Buffer Overflow

Weakness Enumeration

Related identifiers

BDU:2016-02196
CVE-2016-4738
DLA-700-1
DSA-3709-1
MGASA-2016-0394
OPENSUSE-SU-2024:11017-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
SUSE-SU-2017:1282-1
SUSE-SU-2017:1313-1
USN-3271-1

Affected products

OS X
SUSE
Ubuntu
iOS
libxslt
tvOS
watchOS