CVE-2016-2073

MEDIUM

Xmlsoft Libxml2 < 2.9.4 - Memory Corruption

Title source: rule

Description

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

References (8)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/01/25/6

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/01/26/7

[Third Party Advisory] http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/85267

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035011

[Third Party Advisory] http://www.ubuntu.com/usn/USN-2994-1

[Third Party Advisory] https://security.gentoo.org/glsa/201701-37

[Third Party Advisory] https://www.debian.org/security/2016/dsa-3593

Scores

CVSS v3 6.5

EPSS 0.0132

EPSS Percentile 79.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (6)

xmlsoft/libxml2 < 2.9.4

debian/debian_linux

canonical/ubuntu_linux

Timeline

Published Feb 12, 2016

Tracked Since Feb 18, 2026