CVE-2016-4447

Description

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 3.334

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.4.1 | Windows
Multiple Vulnerabilities are affected in Apple iTunes 12.4.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.4.0 | Windows
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Update | Mac
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Combo Update | Mac
Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.4.1 | Mac
Libxml2 update (ELSA-2016-1292) libxml2-2.7.6-21.0.1.el6_8.1.x86_64.rpm | Linux
Libxml2-devel update (ELSA-2016-1292) libxml2-devel-2.7.6-21.0.1.el6_8.1.x86_64.rpm | Linux
Libxml2-python update (ELSA-2016-1292) libxml2-python-2.7.6-21.0.1.el6_8.1.x86_64.rpm | Linux
Libxml2-static update (ELSA-2016-1292) libxml2-static-2.7.6-21.0.1.el6_8.1.x86_64.rpm | Linux
Libxml2 update (ELSA-2016-1292) libxml2-2.7.6-21.0.1.el6_8.1.i686.rpm | Linux
Libxml2-devel update (ELSA-2016-1292) libxml2-devel-2.7.6-21.0.1.el6_8.1.i686.rpm | Linux
Libxml2-python update (ELSA-2016-1292) libxml2-python-2.7.6-21.0.1.el6_8.1.i686.rpm | Linux
Libxml2-static update (ELSA-2016-1292) libxml2-static-2.7.6-21.0.1.el6_8.1.i686.rpm | Linux
Libxml2 update (ELSA-2016-1292) libxml2-2.9.1-6.0.1.el7_2.3.x86_64.rpm | Linux
Libxml2-devel update (ELSA-2016-1292) libxml2-devel-2.9.1-6.0.1.el7_2.3.x86_64.rpm | Linux
Libxml2-python update (ELSA-2016-1292) libxml2-python-2.9.1-6.0.1.el7_2.3.x86_64.rpm | Linux
Libxml2-static update (ELSA-2016-1292) libxml2-static-2.9.1-6.0.1.el7_2.3.x86_64.rpm | Linux
Libxml2 update (ELSA-2016-1292) libxml2-2.9.1-6.0.1.el7_2.3.i686.rpm | Linux
Libxml2-devel update (ELSA-2016-1292) libxml2-devel-2.9.1-6.0.1.el7_2.3.i686.rpm | Linux
Libxml2-static update (ELSA-2016-1292) libxml2-static-2.9.1-6.0.1.el7_2.3.i686.rpm | Linux
Vulnerabilities CVE-2016-4447, CVE-2016-4448, CVE-2016-6306, CVE-2016-9597, CVE-2017-8945 are affected in icewall_federation_agent 3.0 | NCM
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4447) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-600753 | OS X El Capitan 10.11.6 Update
PATCH-600754 | OS X El Capitan 10.11.6 Combo Update
