Launchpad CVE tracker

CVE 2016-4658

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Related bugs and status

CVE-2016-4658 (Candidate) is related to these bugs:

Bug #1652325: Libxml2 2.9.3 fails to parse multi-byte character in large CDATA section that is split across buffer

		In	Importance	Status
1652325	Libxml2 2.9.3 fails to parse multi-byte character in large CDATA section that is split across buffer	libxml2 (Ubuntu)	Undecided	Invalid
1652325	Libxml2 2.9.3 fails to parse multi-byte character in large CDATA section that is split across buffer	libxml2	Medium	Fix Released
1652325	Libxml2 2.9.3 fails to parse multi-byte character in large CDATA section that is split across buffer	libxml2 (Ubuntu Xenial)	Undecided	Fix Released

Bug #1954718: CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges

Summary				In	Importance	Status
	1954718	CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-4658

References