PT-2016-2793 · Apple+2 · Libxslt+6

Nick Wellnhofer · Published 2016-09-25 · Updated 2026-03-13 · CVE-2016-4738

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libxslt in Apple iOS versions prior to 10
libxslt in Apple OS X versions prior to 10.12
libxslt in Apple tvOS versions prior to 10
libxslt in Apple watchOS versions prior to 3

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by a buffer overflow in the libxslt component of the operating systems, which can be exploited by a remote attacker using a specially formed web site.

Recommendations

For libxslt in Apple iOS versions prior to 10, update to iOS 10 or later.
For libxslt in Apple OS X versions prior to 10.12, update to OS X 10.12 or later.
For libxslt in Apple tvOS versions prior to 10, update to tvOS 10 or later.
For libxslt in Apple watchOS versions prior to 3, update to watchOS 3 or later.

Fix

DoS

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2016-02196
CVE-2016-4738
DLA-700-1
DSA-3709-1
MGASA-2016-0394
OPENSUSE-SU-2024:11017-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
SUSE-SU-2017:1282-1
SUSE-SU-2017:1313-1
USN-3271-1

Affected Products

OS X
SUSE
Ubuntu
iOS
libxslt
tvOS
watchOS