CVE-2016-1838

MEDIUM

libxml2 <2.9.4 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1838. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit demonstrates a heap-based out-of-bounds memory read vulnerability in libxml2 2.9.3, triggered by a malformed XML file processed by xmllint. The crash occurs in xmlParserPrintFileContextInternal due to improper bounds checking.

Description

The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · linux
https://www.exploit-db.com/exploits/39493

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: libxml2 2.9.3
No auth needed
Prerequisites: Access to a system with libxml2 2.9.3 installed · Ability to execute xmllint with a malformed XML file
devstral-2 · analyzed Feb 16, 2026

References (24)

Core References
Patch, Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1292
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206567
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/90691
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2016/dsa-3593
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=758588
Release Notes, Vendor Advisory x_refsource_confirm
http://xmlsoft.org/news.html
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2994-1
Exploit, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=639
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206566
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2016-18
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206564
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-37
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035890
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT206568
Mailing List, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

Scores

CVSS v3 5.5
EPSS 0.0664
EPSS Percentile 93.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE CWE-125
Status published
Products (29)
apple/iphone_os < 9.3.2
apple/mac_os_x < 10.11.5
apple/tvos < 9.2.1
apple/watchos < 2.2.1
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
mcafee/web_gateway 7.5.0.0 - 7.5.2.10
... and 19 more
Published May 20, 2016
Tracked Since Feb 18, 2026