PT-2016-3342 · Xmlsoft+5 · Libxml2+5

Nick Wellnhofer

Publicado

2016-09-25

Atualizado

2026-03-13

CVE-2016-4658

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.5

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to a use-after-free and memory corruption via a crafted XML document. This is because namespace nodes in XPointer ranges are not forbidden. The vulnerability may also lead to memory buffer overflow, potentially affecting the confidentiality, integrity, and availability of protected information.

Recommendations For libxml2 versions prior to 2.9.5, update to version 2.9.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of XPointer ranges in XML documents to minimize the risk of exploitation. Avoid using crafted XML documents that may trigger the use-after-free and memory corruption until the issue is resolved.

Correção

DoS

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2017-1240

ALT-PU-2019-1924

ALT-PU-2019-3079

BDU:2021-03125

CESA-2021_3810

CVE-2016-4658

DLA-691-1

DSA-3744-1

GHSA-FR52-4HQW-P27F

MGASA-2018-0048

OPENSUSE-SU-2024:11016-1

OPENSUSE-SU-2024:11340-1

OPENSUSE-SU-2024:11912-1

OPENSUSE-SU-2024:13165-1

OPENSUSE-SU-2024:14174-1

OPENSUSE-SU-2025:14697-1

OPENSUSE-SU-2026:10356-1

RHSA-2021:3810

RHSA-2021_3810

SUSE-SU-2016:2650-1

SUSE-SU-2016:2652-1

SUSE-SU-2016_2650-1

SUSE-SU-2016_2652-1

SUSE-SU-2017:0380-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

SUSE-SU-2017_0380-1

USN-3235-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libxml2

PT-2016-3342 · Xmlsoft+5 · Libxml2+5

CVE-2016-4658

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 114