CVE-2016-5131

Published: 23 July 2016

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream: Released (52.0.2743.82)
Ubuntu 16.04 LTS (Xenial Xerus): Released (52.0.2743.116-0ubuntu0.16.04.1.1250)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134])
Patches:
Upstream: https://codereview.chromium.org/2127493002
libxml2
Launchpad, Ubuntu, Debian
Upstream: Needs triage
Ubuntu 16.04 LTS (Xenial Xerus): Released (2.9.3+dfsg1-1ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2.9.1+dfsg1-3ubuntu4.9)
Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
oxide-qt
Launchpad, Ubuntu, Debian
Upstream: Released (1.16.5)
Ubuntu 16.04 LTS (Xenial Xerus): Released (1.16.5-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [1.16.5-0ubuntu0.14.04.1])