CVE-2016-4448

CRITICAL EPSS 93.4%
Published Jun 9, 2016 (10y ago) · Modified Jun 17, 2026 (2w ago)
9.8 CVSS 3.1
Critical

Description

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 93.4% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-134

Affected Products 42

Vendor     Product                         Version  Range
hp         icewall_federation_agent        3.0      any
redhat     enterprise_linux                6.0      any
redhat     enterprise_linux                7.0      any
apple      watchos                         *        ≤2.2.1
apple      mac_os_x                        *        <10.11.6
xmlsoft    libxml2                         *        ≤2.9.3
apple      icloud                          *        <5.2.1
microsoft  windows                         *        any
apple      iphone_os                       *        ≤9.3.2
redhat     enterprise_linux_desktop        6.0      any
redhat     enterprise_linux_desktop        7.0      any
redhat     enterprise_linux_server         6.0      any
redhat     enterprise_linux_server         7.0      any
redhat     enterprise_linux_server_aus     7.2      any
redhat     enterprise_linux_server_aus     7.3      any
redhat     enterprise_linux_server_aus     7.4      any
redhat     enterprise_linux_server_aus     7.6      any
redhat     enterprise_linux_server_aus     7.7      any
redhat     enterprise_linux_server_eus     7.2      any
redhat     enterprise_linux_server_eus     7.3      any
redhat     enterprise_linux_server_eus     7.4      any
redhat     enterprise_linux_server_eus     7.5      any
redhat     enterprise_linux_server_eus     7.6      any
redhat     enterprise_linux_server_eus     7.7      any
redhat     enterprise_linux_server_tus     7.2      any
redhat     enterprise_linux_server_tus     7.3      any
redhat     enterprise_linux_server_tus     7.6      any
redhat     enterprise_linux_server_tus     7.7      any
redhat     enterprise_linux_workstation    6.0      any
redhat     enterprise_linux_workstation    7.0      any
apple      itunes                          *        ≤12.4.1
microsoft  windows                         *        any
slackware  slackware_linux                 14.0     any
slackware  slackware_linux                 14.1     any
oracle     vm_server                       3.3      any
oracle     vm_server                       3.4      any
apple      tvos                            *        ≤9.2.1
tenable    log_correlation_engine          4.8.0    any
mcafee     web_gateway                     *        ≤7.5.2.10
mcafee     web_gateway                     *        ≥7.6.0.0 – ≤7.6.2.3
oracle     linux                           6        any
oracle     linux                           7        any

References 27

  • lists.apple.com http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
    Mailing List, Release Notes
  • lists.apple.com http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
    Mailing List, Release Notes
  • lists.apple.com http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
    Mailing List, Release Notes
  • lists.apple.com http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
    Mailing List, Release Notes
  • lists.apple.com http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
    Mailing List, Release Notes
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-2957.html
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/05/25/2
    Mailing List, Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
    Vendor Advisory
  • securityfocus.com http://www.securityfocus.com/bid/90856
    Third Party Advisory, VDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1036348
    Third Party Advisory, VDB Entry
  • slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
    Third Party Advisory
  • xmlsoft.org http://xmlsoft.org/news.html
    Release Notes
  • access.redhat.com https://access.redhat.com/errata/RHSA-2016:1292
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1338700
    Issue Tracking, Third Party Advisory
  • git.gnome.org https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9
    Vendor Advisory
  • git.gnome.org https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
    Vendor Advisory
  • h20566.www2.hpe.com https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
    Third Party Advisory
  • kc.mcafee.com https://kc.mcafee.com/corporate/index?page=content&id=SB10170
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT206899
    Release Notes
  • support.apple.com https://support.apple.com/HT206901
    Release Notes
  • support.apple.com https://support.apple.com/HT206902
    Release Notes
  • support.apple.com https://support.apple.com/HT206903
    Release Notes
  • support.apple.com https://support.apple.com/HT206904
    Release Notes
  • support.apple.com https://support.apple.com/HT206905
    Release Notes
  • tenable.com https://www.tenable.com/security/tns-2016-18
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.