Lucene search

K
f5F5F5:K49419538
HistoryApr 05, 2022 - 12:00 a.m.

K49419538 : libxml2 vulnerability CVE 2016-4658

2022-04-0500:00:00
my.f5.com
64

AI Score

9.4

Confidence

High

EPSS

0.019

Percentile

88.7%

Security Advisory Description

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. (CVE-2016-4658)

Impact

This vulnerability allows remote attackers to execute arbitrary code or cause a denial-of-service (use-after-free and memory corruption) through a crafted XML document.