CVE-2016-4448

Properties

Published: 08.06.2016
Updated: 24.07.2016
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Product: xmlsoft: libxml2

Vulnerability description

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

References:

APPLE: http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
APPLE: http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
APPLE: http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
APPLE: http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
APPLE: http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
MLIST: http://www.openwall.com/lists/oss-security/2016/05/25/2
SLACKWARE: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
CONFIRM: http://xmlsoft.org/news.html
REDHAT: https://access.redhat.com/errata/RHSA-2016:1292
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1338700
CONFIRM: https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9
CONFIRM: https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
CONFIRM: https://support.apple.com/HT206899
CONFIRM: https://support.apple.com/HT206901
CONFIRM: https://support.apple.com/HT206902
CONFIRM: https://support.apple.com/HT206903
CONFIRM: https://support.apple.com/HT206904
CONFIRM: https://support.apple.com/HT206905