CVE-2016-4447

Summary

CVE	CVE-2016-4447
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-06-09 16:59:00 UTC
Updated	2023-02-12 23:21:00 UTC
Description	The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Iphone Os	All	All	All	All
Application	Apple	Itunes	12.4.1	All	All	All
Application	Apple	Itunes	12.4.1	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Watchos	All	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	15.10	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	15.10	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	7.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Application	Hp	Icewall Federation Agent	3.0	All	All	All
Application	Hp	Icewall Federation Agent	3.0	All	All	All
Application	Mcafee	Web Gateway	All	All	All	All
Application	Mcafee	Web Gateway	All	All	All	All
Operating System	Microsoft	Windows	All	All	All	All
Operating System	Microsoft	Windows	All	All	All	All
Operating System	Oracle	Vm Server	3.3	All	All	All
Operating System	Oracle	Vm Server	3.4	All	All	All
Operating System	Oracle	Vm Server	3.3	All	All	All
Operating System	Oracle	Vm Server	3.4	All	All	All
Application	Xmlsoft	Libxml2	All	All	All	All

References

Reference	Source	Link	Tags
About the security content of iCloud for Windows 5.2.1 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
CVE-2016-4447 - Red Hat Customer Portal	MISC	access.redhat.com
Apple macOS/OS X Multiple Flaws Let Remote and Local Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
USN-2994-1: libxml2 vulnerabilities \| Ubuntu	UBUNTU	www.ubuntu.com	Third Party Advisory
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	APPLE	lists.apple.com	Mailing List, Third Party Advisory
APPLE-SA-2016-07-18-6 iTunes 12.4.2	APPLE	lists.apple.com	Mailing List, Third Party Advisory
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	www.slackware.com	Exploit, Mailing List, Third Party Advisory
Debian -- Security Information -- DSA-3593-1 libxml2	DEBIAN	www.debian.org	Third Party Advisory
Oracle Linux Bulletin - July 2016	CONFIRM	www.oracle.com	Third Party Advisory
About the security content of watchOS 2.2.2 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
Libxml2 'xmlParseName' CVE-2016-4447 Remote Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
[R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory \| Tenable™	CONFIRM	www.tenable.com	Third Party Advisory
McAfee Security Bulletin: McAfee Web Gateway update fixes several vulnerabilities related to xml parsing	CONFIRM	kc.mcafee.com	Patch, Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
Oracle VM Server for x86 Bulletin - July 2016	CONFIRM	www.oracle.com	Third Party Advisory
Releases	CONFIRM	xmlsoft.org	Release Notes, Vendor Advisory
Heap-based buffer-underreads due to xmlParseName (00906759) · Commits · GNOME / libxml2 · GitLab	CONFIRM	git.gnome.org	Patch, Third Party Advisory
About the security content of iOS 9.3.3 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
oss-security - 3 libxml2 issues	MLIST	www.openwall.com	Mailing List, Third Party Advisory
Red Hat Customer Portal	MISC	access.redhat.com
APPLE-SA-2016-07-18-3 watchOS 2.2.2	APPLE	lists.apple.com	Mailing List, Third Party Advisory
About the security content of iTunes 12.4.2 for Windows - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
Document Display \| HPE Support Center	CONFIRM	h20566.www2.hpe.com	Third Party Advisory
APPLE-SA-2016-07-18-4 tvOS 9.2.2	APPLE	lists.apple.com	Mailing List, Not Applicable
APPLE-SA-2016-07-18-2 iOS 9.3.3	APPLE	lists.apple.com	Mailing List, Third Party Advisory
Bug 1338686 – CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName	MISC	bugzilla.redhat.com
About the security content of tvOS 9.2.2 - Apple Support	CONFIRM	support.apple.com	Third Party Advisory
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
Oracle Solaris Bulletin - July 2016	CONFIRM	www.oracle.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.