CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.033 Low
Percentile: 90.3%

A vulnerability has been discovered that allows remote attackers to
cause a denial of service (memory corruption) via a crafted XML document.

A maliciously crafted file could cause the application to crash due to
a heap-based out-of-bounds memory read.

It has been discovered that a heap buffer overflow could happen in
xmlStrncat.

It has been discovered that a maliciously crafted file could cause the
application to crash due to a heap use-after-free in xmlSAX2AttributeNs.

It has been discovered that a heap use-after-free can happen in
xmlDictComputeFastKey.

It has been discovered that a maliciously crafted file could cause the
application to crash due to a heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemLiteral.

It has been discovered that a heap-based buffer overread could happen
in xmlParserPrintFileContextInternal.

It has been discovered that a heap-based buffer overread could happen
in xmlDictAddString.

It has been discovered that a heap buffer overflow could happen in
xmlFAParsePosCharGroup.

A vulnerability was found in the way libxml2 parses certain files. With
libxml2 in recovery mode, a maliciously crafted file could cause
libxml2 to crash.

It is possible to trigger a stack overflow using a carefully crafted
invalid XML file; the stack overflow occurs before libxml2 determines
that the XML file is invalid.

It has been discovered that parsing a maliciously crafted XML file
could cause the application to crash if recover mode is used.

access.redhat.com/security/cve/CVE-2016-1762
access.redhat.com/security/cve/CVE-2016-1833
access.redhat.com/security/cve/CVE-2016-1834
access.redhat.com/security/cve/CVE-2016-1835
access.redhat.com/security/cve/CVE-2016-1836
access.redhat.com/security/cve/CVE-2016-1837
access.redhat.com/security/cve/CVE-2016-1838
access.redhat.com/security/cve/CVE-2016-1839
access.redhat.com/security/cve/CVE-2016-1840
access.redhat.com/security/cve/CVE-2016-3627
access.redhat.com/security/cve/CVE-2016-3705
access.redhat.com/security/cve/CVE-2016-4483