First published: Mon May 23 2016(Updated: )
A vulnerability was found in the libxml2 library. A maliciously crafted file could cause the application to crash due to a heap-based buffer underread in xmlParseName. References: <a href="https://bugzilla.gnome.org/show_bug.cgi?id=759573">https://bugzilla.gnome.org/show_bug.cgi?id=759573</a> Upstream fix: <a href="https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83">https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/libxml2 | 2.9.4+dfsg1-7+deb10u4 2.9.4+dfsg1-7+deb10u6 2.9.10+dfsg-6.7+deb11u4 2.9.14+dfsg-1.3~deb12u1 2.9.14+dfsg-1.3 | |
HP IceWall Federation Agent | =3.0 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =15.10 | |
Ubuntu | =16.04 | |
Debian | =7.0 | |
Debian | =8.0 | |
Oracle VM Server | =3.3 | |
Oracle VM Server | =3.4 | |
Apple iTunes for Windows | =12.4.1 | |
Microsoft Windows | ||
iOS | <=9.3.2 | |
Apple iOS and macOS | <=10.11.5 | |
tvOS | <=9.2.1 | |
Apple iOS, iPadOS, and watchOS | <=2.2.1 | |
libxml2 | <=2.9.3 | |
McAfee Web Gateway | >=7.5.0.0<=7.5.2.10 | |
McAfee Web Gateway | >=7.6.0.0<=7.6.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-4447 is classified as a high severity vulnerability due to the potential for application crashes.
To fix CVE-2016-4447, upgrade your libxml2 library to versions 2.9.4+dfsg1-7+deb10u4 or newer, depending on your operating system.
CVE-2016-4447 affects various applications that utilize the libxml2 library, including Debian and Ubuntu systems.
CVE-2016-4447 is a heap-based buffer underread vulnerability that can lead to application instability.
There are no specific workarounds for CVE-2016-4447; upgrading to a patched version is recommended.