TROYANOSYVIRUS
Back to CVEs

CVE-2016-0718

CRITICAL
9.8

Description

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/26/2016
Last Modified4/12/2025
Sourcenvd
Honeypot Sightings0

Affected Products

apple:mac_os_xcanonical:ubuntu_linuxdebian:debian_linuxlibexpat_project:libexpatmcafee:policy_auditormozilla:firefoxopensuse:leapopensuse:opensusepython:pythonsuse:linux_enterprise_debuginfosuse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kitsuse:studio_onsite

Weaknesses (CWE)

CWE-119

References

http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html(secalert@redhat.com)
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-2824.html(secalert@redhat.com)
http://seclists.org/fulldisclosure/2017/Feb/68(secalert@redhat.com)
http://support.eset.com/ca6333/(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3582(secalert@redhat.com)
http://www.mozilla.org/security/announce/2016/mfsa2016-68.html(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/05/17/12(secalert@redhat.com)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html(secalert@redhat.com)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html(secalert@redhat.com)
http://www.securityfocus.com/bid/90729(secalert@redhat.com)
http://www.securitytracker.com/id/1036348(secalert@redhat.com)
http://www.securitytracker.com/id/1036415(secalert@redhat.com)
http://www.securitytracker.com/id/1037705(secalert@redhat.com)
http://www.ubuntu.com/usn/USN-2983-1(secalert@redhat.com)
http://www.ubuntu.com/usn/USN-3044-1(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:2486(secalert@redhat.com)
https://bugzilla.mozilla.org/show_bug.cgi?id=1236923(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1296102(secalert@redhat.com)
https://kc.mcafee.com/corporate/index?page=content&id=SB10365(secalert@redhat.com)
https://security.gentoo.org/glsa/201701-21(secalert@redhat.com)
https://source.android.com/security/bulletin/2016-11-01.html(secalert@redhat.com)
https://support.apple.com/HT206903(secalert@redhat.com)
https://www.tenable.com/security/tns-2016-20(secalert@redhat.com)
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2824.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2017/Feb/68(af854a3a-2127-422b-91ae-364da2661108)
http://support.eset.com/ca6333/(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3582(af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2016/mfsa2016-68.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/05/17/12(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/90729(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036348(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036415(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037705(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2983-1(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-3044-1(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2486(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1236923(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1296102(af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10365(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-21(af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2016-11-01.html(af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT206903(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2016-20(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.