xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

References

lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

www.securityfocus.com/bid/93054

www.securitytracker.com/id/1036858

www.securitytracker.com/id/1038623

git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

security.gentoo.org/glsa/201701-37

support.apple.com/HT207141

support.apple.com/HT207142

support.apple.com/HT207143

support.apple.com/HT207170

openvas 22

nessus 39

ibm 14

osv 2

cloudlinux 1

github 1

oraclelinux 1

prion 1

f5 1

debiancve 1

ubuntucve 1

veracode 2

centos 1

redhatcve 1

cve 1

redhat 6

nvd 1

amazon 1

debian 3

archlinux 1

rubygems 1

cloudfoundry 1

ubuntu 1

fedora 4

altlinux 3

mageia 1

rosalinux 1

apple 8

gentoo 1

suse 3

androidsecurity 1

tenable 1

ics 1

openvas

CentOS: Security Advisory for libxml2 (CESA-2021:3810)

2021-11-18 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1685)

2020-01-23 00:00:00

SUSE: Security Advisory (SUSE-SU-2016:2650-1)

2021-04-19 00:00:00

nessus

SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:2650-1)

2016-10-27 00:00:00

openSUSE Security Update : libxml2 (openSUSE-2016-1259)

2016-11-04 00:00:00

openSUSE Security Update : libxml2 (openSUSE-2016-1265)

2016-11-07 00:00:00

ibm

Security Bulletin: IBM QRadar Network Security is affected by an arbitrary code execution vulnerability (CVE-2016-4658)

2022-03-31 03:36:56

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to arbitrary code execution due to [CVE-2016-4658]

2022-11-03 17:03:31

Security Bulletin: Vulnerability in libxml2 affects IBM BladeCenter Advanced Management Module (AMM)

2023-04-14 14:32:25

osv

Nokogiri does not forbid namespace nodes in XPointer ranges

2018-08-21 19:03:26

libxml2 - security update

2016-10-31 00:00:00

cloudlinux

libxml2: Fix of CVE-2016-4658

2023-11-07 18:21:51

github

Nokogiri does not forbid namespace nodes in XPointer ranges

2018-08-21 19:03:26

oraclelinux

libxml2 security update

2021-10-13 00:00:00

prion

Memory corruption

2016-09-25 10:59:00

K49419538 : libxml2 vulnerability CVE 2016-4658

2022-04-05 00:00:00

debiancve

CVE-2016-4658

2016-09-25 10:59:02

ubuntucve

CVE-2016-4658

2016-09-25 00:00:00

veracode

Remote Code Execution (RCE)

2018-05-23 05:14:44

Copy-Paste Vulnerability (CPV) Through Libxml2

2017-03-23 01:10:27

centos

libxml2 security update

2021-11-17 14:46:50

redhatcve

CVE-2016-4658

2016-10-13 09:47:26

cve

CVE-2016-4658

2016-09-25 10:59:02

redhat

(RHSA-2021:3810) Moderate: libxml2 security update

2021-10-12 13:23:35

(RHSA-2021:3949) Important: Red Hat Advanced Cluster Management 2.1.12 security fixes and container updates

2021-10-20 15:05:45

(RHSA-2021:3873) Important: Red Hat Advanced Cluster Management 2.2.9 security, bug, and container updates

2021-10-14 19:47:17

nvd

CVE-2016-4658

2016-09-25 10:59:02

amazon

Medium: libxml2

2019-09-30 22:47:00

debian

[SECURITY] [DSA 3744-1] libxml2 security update

2016-12-23 18:31:42

[SECURITY] [DSA 3744-1] libxml2 security update

2016-12-23 18:31:42

[SECURITY] [DLA 691-1] libxml2 security update

2016-10-31 17:09:55

archlinux

[ASA-201611-2] libxml2: arbitrary code execution

2016-11-01 00:00:00

rubygems

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2017-03-10 21:00:00

cloudfoundry

USN-3235-1: libxml2 vulnerabilities | Cloud Foundry

2017-03-31 00:00:00

ubuntu

libxml2 vulnerabilities

2017-03-16 00:00:00

fedora

[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26

2018-02-14 17:11:02

[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27

2018-01-30 18:12:24

[SECURITY] Fedora 25 Update: libxml2-2.9.4-2.fc25

2017-04-19 09:32:17

altlinux

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-03 00:00:00

Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1

2017-03-07 00:00:00

mageia

Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

2018-01-03 18:50:51

rosalinux

Advisory ROSA-SA-2021-1905

2021-07-02 17:25:35

apple

About the security content of watchOS 3 - Apple Support

2020-07-27 08:13:37

About the security content of watchOS 3

2016-09-13 00:00:00

About the security content of tvOS 10

2016-09-13 00:00:00

gentoo

libxml2: Multiple vulnerabilities

2017-01-16 00:00:00

suse

Security update for SLES 12-SP2 Docker image (important)

2017-10-11 03:08:09

Security update for SLES 12-SP1 Docker image (important)

2017-10-11 03:07:32

Security update for SLES 12 Docker image (important)

2017-10-11 03:06:53

androidsecurity

Android Security Bulletin—June 2017

2017-06-05 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for CVELIST:CVE-2016-4658