Showing 1 - 7 of 7

CVE-2016-4472

Status Candidate

Overview

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

Related Files

Slackware Security Advisory - python Updates: Posted May 5, 2018; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.; tags | advisory, python; systems | linux, slackware; advisories | CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-9063, CVE-2017-9233, CVE-2018-1060, CVE-2018-1061; MD5 | 4830becfccec59ec7d1e08315d914061; Download | Favorite | View

Apple Security Advisory 2017-03-28-2: Posted Mar 28, 2017; Authored by Apple | Site apple.com; Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.; tags | advisory, vulnerability; systems | windows, apple; advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153, CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029; MD5 | e81764e60882d63eba34b90e1a1a18b1; Download | Favorite | View

Apple Security Advisory 2017-03-22-2: Posted Mar 24, 2017; Authored by Apple | Site apple.com; Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.; tags | advisory, vulnerability; systems | apple; advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153; MD5 | 38c6e0f8c553ac1fec2b4079143ddd49; Download | Favorite | View

Apple Security Advisory 2017-03-22-1: Posted Mar 23, 2017; Authored by Apple | Site apple.com; Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.; tags | advisory, vulnerability; systems | windows, apple; advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153; MD5 | 1bcb766e4f3265ba41b97e9177076f73; Download | Favorite | View

Gentoo Linux Security Advisory 201701-21: Posted Jan 11, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201701-21 - Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Versions less than 2.2.0-r1 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2012-6702, CVE-2013-0340, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300; MD5 | 9900fb8757b3436555947e2691bf6f5e; Download | Favorite | View

Slackware Security Advisory - expat Updates: Posted Dec 25, 2016; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300; MD5 | 1870303524d6e5321fbea1b5cad1fdd2; Download | Favorite | View

Ubuntu Security Notice USN-3013-1: Posted Jun 21, 2016; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3013-1 - It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300; MD5 | 1bfe255d6d036e1b85b6eb10248eb742; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 67 files
malvuln 39 files
Ubuntu 38 files
Gentoo 26 files
Mesut Cetin 6 files
SunCSR 5 files
Jeremy Brown 5 files
Kshitiz Raj 5 files
Arnav Tripathy 5 files
1F98D 5 files

File Archives

Systems

AIX (421)
Apple (1,760)
BSD (368)
Cisco (1,902)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,010)
HPUX (873)
iOS (280)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,236)
Mac OS X (672)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,568)
Slackware (941)
Solaris (1,597)
SUSE (1,444)
Ubuntu (7,071)
UNIX (8,823)
UnixWare (180)
Windows (5,731)
Other

CVE-2016-4472

Overview

Related Files

File Archive:

January 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems