CVE-2016-4658

Summary

CVE	CVE-2016-4658
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-09-25 10:59:00 UTC
Updated	2019-03-13 14:05:00 UTC
Description	xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Tvos	All	All	All	All
Operating System	Apple	Watchos	All	All	All	All
Operating System	Apple	Watchos	All	All	All	All
Application	Xmlsoft	Libxml2	All	All	All	All
Application	Xmlsoft	Libxml2	All	All	All	All

References

Reference	Source	Link	Tags
APPLE-SA-2016-09-20-3 iOS 10	APPLE	lists.apple.com	Mailing List, Vendor Advisory
About the security content of macOS Sierra 10.12 - Apple Support	CONFIRM	support.apple.com	Vendor Advisory
Apple macOS/OS X Multiple Flaws Let Remote and Local Users Deny Service, Obtain Potentially Sensitive Information, Execute Arbitrary Code, and Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
About the security content of tvOS 10 - Apple Support	CONFIRM	support.apple.com	Vendor Advisory
Disallow namespace nodes in XPointer ranges (c1d1f712) · Commits · GNOME / libxml2 · GitLab	CONFIRM	git.gnome.org	Patch, Third Party Advisory
About the security content of watchOS 3 - Apple Support	CONFIRM	support.apple.com	Vendor Advisory
APPLE-SA-2016-09-20-5 watchOS 3	APPLE	lists.apple.com	Mailing List, Vendor Advisory
APPLE-SA-2016-09-20 macOS Sierra 10.12	APPLE	lists.apple.com	Mailing List, Vendor Advisory
APPLE-SA-2016-09-20-6 tvOS 10	APPLE	lists.apple.com	Mailing List, Vendor Advisory
About the security content of iOS 10 - Apple Support	CONFIRM	support.apple.com	Vendor Advisory
libxml2: Multiple vulnerabilities (GLSA 201701-37) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
Google Android Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Apps Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Apple iOS/tvOS/MacOS/watchOS Multiple Security Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159417 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2021-3810)
239673 Red Hat Update for libxml2 (RHSA-2021:3810)
257124 CentOS Security Update for libxml2 (CESA-2021:3810)
375544 Libxml2 Arbitrary Code Execution Vulnerability
377481 Alibaba Cloud Linux Security Update for libxml2 (ALINUX2-SA-2021:0058)
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
904904 Common Base Linux Mariner (CBL-Mariner) Security Update for gettext (12337)