xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
http://www.securityfocus.com/bid/93054
http://www.securitytracker.com/id/1036858
http://www.securitytracker.com/id/1038623
https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
https://security.gentoo.org/glsa/201701-37
https://support.apple.com/HT207141
https://support.apple.com/HT207142
Source: MITRE
Published: 2016-09-25
Updated: 2019-03-13
Type: CWE-119
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
129559 | Amazon Linux 2 : libxml2 (ALAS-2019-1301) | Nessus | Amazon Linux Local Security Checks | critical |
129206 | EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013) | Nessus | Huawei Local Security Checks | critical |
128910 | EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858) | Nessus | Huawei Local Security Checks | critical |
126553 | EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2019-1711) | Nessus | Huawei Local Security Checks | critical |
126426 | EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1685) | Nessus | Huawei Local Security Checks | critical |
106828 | Fedora 26 : libxml2 (2018-a6b59d8f78) | Nessus | Fedora Local Security Checks | critical |
106521 | Fedora 27 : libxml2 (2018-db610fff5b) | Nessus | Fedora Local Security Checks | critical |
99492 | Fedora 24 : libxml2 (2017-be8574d593) | Nessus | Fedora Local Security Checks | critical |
99491 | Fedora 25 : libxml2 (2017-a3a47973eb) | Nessus | Fedora Local Security Checks | critical |
97793 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libxml2 vulnerabilities (USN-3235-1) | Nessus | Ubuntu Local Security Checks | critical |
97116 | openSUSE Security Update : libxml2 (openSUSE-2017-244) | Nessus | SuSE Local Security Checks | critical |
97015 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1) | Nessus | SuSE Local Security Checks | critical |
96541 | GLSA-201701-37 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
96101 | Debian DSA-3744-1 : libxml2 - security update | Nessus | Debian Local Security Checks | critical |
94598 | openSUSE Security Update : libxml2 (openSUSE-2016-1265) | Nessus | SuSE Local Security Checks | critical |
94529 | openSUSE Security Update : libxml2 (openSUSE-2016-1259) | Nessus | SuSE Local Security Checks | critical |
94448 | Debian DLA-691-1 : libxml2 security update | Nessus | Debian Local Security Checks | critical |
94320 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:2652-1) | Nessus | SuSE Local Security Checks | critical |
94319 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:2650-1) | Nessus | SuSE Local Security Checks | critical |
9620 | Mac OS X 10.x < 10.12 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical |
9621 | Apple TV < 10.0 Multiple Vulnerabilities | Nessus Network Monitor | Internet Services | critical |
9619 | Apple iOS < 10.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
93776 | Apple TV < 10 Multiple Vulnerabilities | Nessus | Misc. | critical |
93685 | macOS < 10.12 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |