CVE-2016-4483
HIGH
Xmlsoft Libxml2 < 2.9.4 - Insecure Deserialization
Title source: ruleDescription
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
Scores
CVSS v3: 7.5
EPSS: 0.0127
EPSS Percentile: 79.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Classification
CWE: CWE-502
Status: draft
Affected Products (3)
xmlsoft/libxml2 < 2.9.4
debian/debian_linux
oracle/solaris
Timeline
Published: Apr 11, 2017
Tracked Since: Feb 18, 2026