Launchpad CVE tracker

CVE 2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2016-05-16-1
APPLE: APPLE-SA-2016-05-16-2
APPLE: APPLE-SA-2016-05-16-3
APPLE: APPLE-SA-2016-05-16-4
DEBIAN: DSA-3593
UBUNTU: USN-2994-1
REDHAT: RHSA-2016:1292
CONFIRM: http://xmlsoft.org/new...
CONFIRM: https://bugzilla.gnome...
CONFIRM: https://git.gnome.org/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
SECTRACK: 1035890
CONFIRM: https://www.tenable.co...
CONFIRM: https://kc.mcafee.com/...
GENTOO: GLSA-201701-37
SECTRACK: 1038623
BID: 90691
REDHAT: RHSA-2016:2957

Launchpad.net

CVE 2016-1839

Related bugs

References