CVE-2016-2073

Published: 12 February 2016

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

Priority

Low

CVSS 3 base score: 6.5

Status

Notes

this is a dupe of CVE-2016-1839

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
• http://www.openwall.com/lists/oss-security/2016/01/25/6
• https://ubuntu.com/security/notices/USN-2994-1
• NVD
• Launchpad
• Debian

Bugs

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812807
• https://bugzilla.redhat.com/show_bug.cgi?id=1301928