// For flags

CVE-2016-4448

libxml2: Format string vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-05-02 CVE Reserved
  • 2016-05-27 CVE Published
  • 2024-07-09 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-134: Use of Externally-Controlled Format String
CAPEC
References (28)
URL Tag Source
http://www.openwall.com/lists/oss-security/2016/05/25/2 Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html Third Party Advisory
http://www.securityfocus.com/bid/90856 Third Party Advisory
http://www.securitytracker.com/id/1036348 Third Party Advisory
http://xmlsoft.org/news.html Release Notes
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10170 Third Party Advisory
https://support.apple.com/HT206899 Release Notes
https://support.apple.com/HT206901 Release Notes
https://support.apple.com/HT206902 Release Notes
https://support.apple.com/HT206903 Release Notes
https://support.apple.com/HT206904 Release Notes
https://support.apple.com/HT206905 Release Notes
https://www.tenable.com/security/tns-2016-18 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html 2023-02-12
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html 2023-02-12
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html 2023-02-12
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html 2023-02-12
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html 2023-02-12
http://rhn.redhat.com/errata/RHSA-2016-2957.html 2023-02-12
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html 2023-02-12
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722 2023-02-12
https://access.redhat.com/errata/RHSA-2016:1292 2023-02-12
https://bugzilla.redhat.com/show_bug.cgi?id=1338700 2016-12-15
https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 2023-02-12
https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b 2023-02-12
https://access.redhat.com/security/cve/CVE-2016-4448 2016-12-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hp
Search vendor "Hp"
 Icewall Federation Agent
Search vendor "Hp" for product "Icewall Federation Agent"
 3.0
Search vendor "Hp" for product "Icewall Federation Agent" and version "3.0"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 6.0
Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"
-
Safe
Hp
Search vendor "Hp"
 Icewall Federation Agent
Search vendor "Hp" for product "Icewall Federation Agent"
 3.0
Search vendor "Hp" for product "Icewall Federation Agent" and version "3.0"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Apple
Search vendor "Apple"
 Icloud
Search vendor "Apple" for product "Icloud"
 < 5.2.1
Search vendor "Apple" for product "Icloud" and version " < 5.2.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Apple
Search vendor "Apple"
 Itunes
Search vendor "Apple" for product "Itunes"
 <= 12.4.1
Search vendor "Apple" for product "Itunes" and version " <= 12.4.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Apple
Search vendor "Apple"
 Watchos
Search vendor "Apple" for product "Watchos"
 <= 2.2.1
Search vendor "Apple" for product "Watchos" and version " <= 2.2.1"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 < 10.11.6
Search vendor "Apple" for product "Mac Os X" and version " < 10.11.6"
-
Affected
Xmlsoft
Search vendor "Xmlsoft"
 Libxml2
Search vendor "Xmlsoft" for product "Libxml2"
 <= 2.9.3
Search vendor "Xmlsoft" for product "Libxml2" and version " <= 2.9.3"
-
Affected
Apple
Search vendor "Apple"
 Iphone Os
Search vendor "Apple" for product "Iphone Os"
 <= 9.3.2
Search vendor "Apple" for product "Iphone Os" and version " <= 9.3.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 7.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 7.3
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 7.4
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 7.6
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 7.7
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.2
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.3
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.4
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.5
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.6
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Eus
Search vendor "Redhat" for product "Enterprise Linux Server Eus"
 7.7
Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
 7.2
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
 7.3
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
 7.6
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
 7.7
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected
Slackware
Search vendor "Slackware"
 Slackware Linux
Search vendor "Slackware" for product "Slackware Linux"
 14.0
Search vendor "Slackware" for product "Slackware Linux" and version "14.0"
-
Affected
Slackware
Search vendor "Slackware"
 Slackware Linux
Search vendor "Slackware" for product "Slackware Linux"
 14.1
Search vendor "Slackware" for product "Slackware Linux" and version "14.1"
-
Affected
Oracle
Search vendor "Oracle"
 Vm Server
Search vendor "Oracle" for product "Vm Server"
 3.3
Search vendor "Oracle" for product "Vm Server" and version "3.3"
-
Affected
Oracle
Search vendor "Oracle"
 Vm Server
Search vendor "Oracle" for product "Vm Server"
 3.4
Search vendor "Oracle" for product "Vm Server" and version "3.4"
-
Affected
Apple
Search vendor "Apple"
 Tvos
Search vendor "Apple" for product "Tvos"
 <= 9.2.1
Search vendor "Apple" for product "Tvos" and version " <= 9.2.1"
-
Affected
Tenable
Search vendor "Tenable"
 Log Correlation Engine
Search vendor "Tenable" for product "Log Correlation Engine"
 4.8.0
Search vendor "Tenable" for product "Log Correlation Engine" and version "4.8.0"
-
Affected
Mcafee
Search vendor "Mcafee"
 Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
 <= 7.5.2.10
Search vendor "Mcafee" for product "Web Gateway" and version " <= 7.5.2.10"
-
Affected
Mcafee
Search vendor "Mcafee"
 Web Gateway
Search vendor "Mcafee" for product "Web Gateway"
 >= 7.6.0.0 <= 7.6.2.3
Search vendor "Mcafee" for product "Web Gateway" and version " >= 7.6.0.0 <= 7.6.2.3"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 6
Search vendor "Oracle" for product "Linux" and version "6"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 7
Search vendor "Oracle" for product "Linux" and version "7"
0
Affected