Security researcher Gustavo Grieco reported a potential out-of-bounds read parsing malformed XML data during character conversion. This is due to a bug in the Expat library, which is used in Firefox. This could allow an attacker to read other inaccessible memory.

CPENameOperatorVersion
firefoxlt48

CPE	Name	Operator	Version
	firefox	lt	48

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718

bugzilla.mozilla.org/show_bug.cgi?id=1236923

openvas 24

nessus 43

cve 3

cloudfoundry 1

centos 1

osv 3

f5 1

debian 3

ibm 22

prion 3

freebsd 4

redhatcve 1

veracode 2

redhat 2

amazon 1

debiancve 1

ubuntu 4

oraclelinux 1

ubuntucve 1

alpinelinux 1

mageia 1

zdt 1

suse 8

archlinux 3

thn 1

seebug 1

packetstorm 1

fedora 3

slackware 3

gentoo 1

apple 6

androidsecurity 1

oracle 1

openvas

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1446)

2020-01-23 00:00:00

CentOS Update for expat CESA-2016:2824 centos6

2016-11-29 00:00:00

RedHat Update for expat RHSA-2016:2824-01

2016-11-29 00:00:00

nessus

Ubuntu 14.04 LTS / 16.04 LTS : Expat vulnerability (USN-2983-1)

2016-05-19 00:00:00

OracleVM 3.3 / 3.4 : expat (OVMSA-2016-0168)

2016-11-29 00:00:00

Scientific Linux Security Update : expat on SL6.x, SL7.x i386/x86_64 (20161128)

2016-12-15 00:00:00

cve

CVE-2016-0718

2016-05-26 16:59:00

CVE-2016-9892

2017-03-02 23:59:00

CVE-2016-0719

2016-05-18 15:59:00

cloudfoundry

USN-2983-1 Expat vulnerability | Cloud Foundry

2016-06-13 00:00:00

centos

expat security update

2016-11-28 22:32:29

osv

CVE-2016-0718

2016-05-26 16:59:00

expat - security update

2016-05-19 00:00:00

libxmltok vulnerabilities

2022-07-19 17:11:00

K52320548 : Expat vulnerability CVE-2016-0718

2017-09-18 00:00:00

debian

[SECURITY] [DLA 483-1] expat security update

2016-05-19 20:04:46

[SECURITY] [DSA 3582-1] expat security update

2016-05-18 05:18:57

[SECURITY] [DSA 3582-1] expat security update

2016-05-18 05:18:57

ibm

Security Bulletin: A vulnerability in expat affects PowerKVM

2018-06-18 01:34:46

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718)

2018-06-16 21:50:27

Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)

2018-06-16 21:48:37

prion

Buffer overflow

2016-05-26 16:59:00

Code injection

2017-03-02 23:59:00

Design/Logic Flaw

2016-05-18 15:59:00

freebsd

expat -- denial of service vulnerability on malformed input

2016-05-17 00:00:00

Python 2.7 -- multiple vulnerabilities

2017-08-26 00:00:00

python 2.7 -- multiple vulnerabilities

2018-05-01 00:00:00

redhatcve

CVE-2016-0718

2020-04-05 04:55:48

veracode

Denial Of Service (DoS) Or Arbitrary Code Execution

2019-01-15 09:14:45

Denial Of Service (DoS) Or Arbitrary Code Execution

2017-02-01 03:14:43

redhat

(RHSA-2016:2824) Moderate: expat security update

2016-11-28 17:50:20

(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2018-08-16 16:05:21

amazon

Medium: expat

2016-12-15 00:38:00

debiancve

CVE-2016-0718

2016-05-26 16:59:00

ubuntu

Expat vulnerability

2016-05-18 00:00:00

XML-RPC for C and C++ vulnerabilities

2016-06-20 00:00:00

xmltok library vulnerabilities

2022-07-19 00:00:00

oraclelinux

expat security update

2016-11-28 00:00:00

ubuntucve

CVE-2016-0718

2016-05-17 00:00:00

alpinelinux

CVE-2016-0718

2016-05-26 16:59:00

mageia

Updated expat packages fix security vulnerability

2016-05-20 14:38:30

zdt

ESET Endpoint Antivirus 6 Remote Code Execution Exploit

2017-02-28 00:00:00

suse

Security update for expat (important)

2016-06-07 13:08:02

Security update for expat (important)

2016-06-08 12:07:50

Security update for expat (important)

2016-05-30 14:09:21

archlinux

expat: arbitrary code execution

2016-05-18 00:00:00

lib32-expat: arbitrary code execution

2016-05-18 00:00:00

firefox: multiple issues

2016-08-05 00:00:00

thn

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

2017-02-28 03:06:00

seebug

Remote Code Execution as Root via ESET Endpoint Antivirus 6（CVE-2016-9892）

2017-02-28 00:00:00

packetstorm

ESET Endpoint Antivirus 6 Remote Code Execution

2017-02-27 00:00:00

fedora

[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23

2016-06-19 07:27:54

[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22

2016-07-12 02:27:38

[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24

2016-06-21 19:27:49

slackware

[slackware-security] python

2017-09-23 06:33:04

[slackware-security] expat

2016-12-24 19:24:21

[slackware-security] python

2018-05-04 20:53:50

gentoo

Expat: Multiple vulnerabilities

2017-01-11 00:00:00

apple

About the security content of iTunes 12.6 - Apple Support

2017-03-22 07:40:40

About the security content of iTunes 12.6

2017-03-21 00:00:00

About the security content of iTunes 12.6 for Windows

2017-03-21 00:00:00

androidsecurity

Android Security Bulletin—November 2016

2016-11-07 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for MFSA2016-68