PT-2016-6255 · Xmlsoft+7 · Libxml2+7

Nick Wellnhofer · Published 2016-07-20 · Updated 2026-03-13 · CVE-2016-5131

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libxml2 versions through 2.9.4
Google Chrome versions through 52.0.2743.82

Description

A use-after-free vulnerability that remote attackers can exploit to cause a denial of service or possibly have other unspecified impacts. The vulnerability is reached through vectors involving the XPointer range-to function.

Recommendations

For libxml2 versions through 2.9.4, update to a version later than 2.9.4 to resolve the issue.
For Google Chrome versions through 52.0.2743.82, update to a version later than 52.0.2743.82 to resolve the issue.

Exploit

Fix

DoS

Use After Free


Weakness Enumeration

Related Identifiers

ALT-PU-2016-2194
ALT-PU-2017-1240
CESA-2020_1190
CVE-2016-5131
DLA-691-1
DSA-3637-1
DSA-3744-1
MGASA-2018-0048
OPENSUSE-SU-2016:1868-1
OPENSUSE-SU-2016:1869-1
OPENSUSE-SU-2016_1865-1
OPENSUSE-SU-2016_1869-1
OPENSUSE-SU-2016_1918-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:12948-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2016:1485
RHSA-2016_1485
RHSA-2020:1190
RHSA-2020_1190
SUSE-SU-2018:0395-1
SUSE-SU-2018:0401-1
SUSE-SU-2018_0395-1
SUSE-SU-2018_0401-1
USN-3041-1
USN-3235-1

Affected Products

Alt Linux
Centos
Google Chrome
Opera
Red Hat
Suse
Ubuntu
Libxml2