CVE-2016-4483

Published: 04 May 2016

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
libxml2 Launchpad, Ubuntu, Debian	Upstream	Released (2.9.4)





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (2.9.3+dfsg1-1ubuntu0.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.9.1+dfsg1-3ubuntu4.8)
	Patches: Upstream: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
http://www.openwall.com/lists/oss-security/2016/05/04/7
https://ubuntu.com/security/notices/USN-2994-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823405
https://bugzilla.gnome.org/show_bug.cgi?id=766414

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›