{"id":"CVE-2016-0718","details":"Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.","aliases":["PSF-2016-2"],"modified":"2026-04-16T01:38:36.838810801Z","published":"2016-05-26T16:59:00.133Z","related":["SUSE-SU-2016:1508-1","SUSE-SU-2016:1512-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1","SUSE-SU-2020:0497-1","openSUSE-SU-2024:10071-1","openSUSE-SU-2024:10077-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2824.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2017/Feb/68"},{"type":"ADVISORY","url":"http://support.eset.com/ca6333/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3582"},{"type":"ADVISORY","url":"http://www.mozilla.org/security/announce/2016/mfsa2016-68.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/05/17/12"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/90729"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036348"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036415"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037705"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2983-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3044-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2486"},{"type":"ADVISORY","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1236923"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1296102"},{"type":"ADVISORY","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10365"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-21"},{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2016-11-01.html"},{"type":"ADVISORY","url":"https://support.apple.com/HT206903"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2016-20"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1236923"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1296102"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2017/Feb/68"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2016/05/17/12"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/git/git","events":[{"introduced":"0"},{"fixed":"b260d265e189728b26e50506ac6ffab6a7d588da"}]}],"versions":["gitgui-0.10.0","gitgui-0.10.1","gitgui-0.10.2","gitgui-0.11.0","gitgui-0.12.0","gitgui-0.13.0","gitgui-0.14.0","gitgui-0.15.0","gitgui-0.16.0","gitgui-0.17.0","gitgui-0.18.0","gitgui-0.19.0","gitgui-0.6.0","gitgui-0.6.1","gitgui-0.6.2","gitgui-0.6.3","gitgui-0.6.4","gitgui-0.6.5","gitgui-0.7.0","gitgui-0.7.0-rc1","gitgui-0.7.1","gitgui-0.7.2","gitgui-0.7.3","gitgui-0.7.4","gitgui-0.7.5","gitgui-0.8.0","gitgui-0.8.1","gitgui-0.8.2","gitgui-0.8.3","gitgui-0.8.4","gitgui-0.9.0","gitgui-0.9.1","gitgui-0.9.2","gitgui-0.9.3","v0.99","v0.99.1","v0.99.2","v0.99.3","v0.99.4","v0.99.5","v0.99.6","v0.99.7","v0.99.7a","v0.99.7b","v0.99.7c","v0.99.7d","v0.99.8","v0.99.8a","v0.99.8b","v0.99.8c","v0.99.8d","v0.99.8e","v0.99.8f","v0.99.8g","v0.99.9","v0.99.9a","v0.99.9b","v0.99.9c","v0.99.9d","v0.99.9e","v0.99.9f","v0.99.9g","v0.99.9h","v0.99.9i","v0.99.9j","v0.99.9k","v0.99.9l","v0.99.9m","v0.99.9n","v1.0.0","v1.0.0a","v1.0.0b","v1.0.1","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.8","v1.0.9","v1.0rc1","v1.0rc2","v1.0rc3","v1.0rc4","v1.0rc5","v1.0rc6","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.1.6","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.3.0","v1.3.0-rc1","v1.3.0-rc2","v1.3.0-rc3","v1.3.0-rc4","v1.3.1","v1.3.2","v1.3.3","v1.4.0","v1.4.0-rc1","v1.4.0-rc2","v1.4.1","v1.4.1-rc1","v1.4.1-rc2","v1.4.1.1","v1.4.2","v1.4.2-rc1","v1.4.2-rc2","v1.4.2-rc3","v1.4.2-rc4","v1.4.2.1","v1.4.2.2","v1.4.2.3","v1.4.2.4","v1.4.3","v1.4.3-rc1","v1.4.3-rc2","v1.4.3-rc3","v1.4.3.1","v1.4.3.2","v1.4.3.3","v1.4.3.4","v1.4.3.5","v1.4.4","v1.4.4-rc1","v1.4.4-rc2","v1.4.4.1","v1.4.4.2","v1.4.4.3","v1.4.4.4","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.5.0-rc4","v1.5.0.1","v1.5.0.2","v1.5.0.3","v1.5.0.4","v1.5.0.5","v1.5.0.6","v1.5.0.7","v1.5.1","v1.5.1-rc1","v1.5.1-rc2","v1.5.1-rc3","v1.5.1.1","v1.5.1.2","v1.5.1.3","v1.5.1.4","v1.5.1.5","v1.5.1.6","v1.5.2","v1.5.2-rc0","v1.5.2-rc1","v1.5.2-rc2","v1.5.2-rc3","v1.5.2.1","v1.5.2.2","v1.5.2.3","v1.5.2.4","v1.5.2.5","v1.5.3","v1.5.3-rc0","v1.5.3-rc1","v1.5.3-rc2","v1.5.3-rc3","v1.5.3-rc4","v1.5.3-rc5","v1.5.3-rc6","v1.5.3-rc7","v1.5.3.1","v1.5.3.2","v1.5.3.3","v1.5.3.4","v1.5.3.5","v1.5.3.6","v1.5.3.7","v1.5.3.8","v1.5.4","v1.5.4-rc0","v1.5.4-rc1","v1.5.4-rc2","v1.5.4-rc3","v1.5.4-rc4","v1.5.4-rc5","v1.5.4.1","v1.5.4.2","v1.5.4.3","v1.5.4.4","v1.5.4.5","v1.5.4.6","v1.5.4.7","v1.5.5","v1.5.5-rc0","v1.5.5-rc1","v1.5.5-rc2","v1.5.5-rc3","v1.5.5.1","v1.5.5.2","v1.5.5.3","v1.5.5.4","v1.5.5.5","v1.5.5.6","v1.5.6","v1.5.6-rc0","v1.5.6-rc1","v1.5.6-rc2","v1.5.6-rc3","v1.5.6.1","v1.5.6.2","v1.5.6.3","v1.5.6.4","v1.5.6.5","v1.5.6.6","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.6.0.1","v1.6.0.2","v1.6.0.3","v1.6.0.4","v1.6.0.5","v1.6.0.6","v1.6.1","v1.6.1-rc1","v1.6.1-rc2","v1.6.1-rc3","v1.6.1-rc4","v1.6.1.1","v1.6.1.2","v1.6.1.3","v1.6.1.4","v1.6.2","v1.6.2-rc0","v1.6.2-rc1","v1.6.2-rc2","v1.6.2.1","v1.6.2.2","v1.6.2.3","v1.6.2.4","v1.6.2.5","v1.6.3","v1.6.3-rc0","v1.6.3-rc1","v1.6.3-rc2","v1.6.3-rc3","v1.6.3-rc4","v1.6.3.1","v1.6.3.2","v1.6.3.3","v1.6.3.4","v1.6.4","v1.6.4-rc0","v1.6.4-rc1","v1.6.4-rc2","v1.6.4-rc3","v1.6.4.1","v1.6.4.2","v1.6.4.3","v1.6.4.4","v1.6.4.5","v1.6.5","v1.6.5-rc0","v1.6.5-rc1","v1.6.5-rc2","v1.6.5-rc3","v1.6.5.1","v1.6.5.2","v1.6.5.3","v1.6.5.4","v1.6.5.5","v1.6.5.6","v1.6.5.7","v1.6.5.8","v1.6.5.9","v1.6.6","v1.6.6-rc0","v1.6.6-rc1","v1.6.6-rc2","v1.6.6-rc3","v1.6.6-rc4","v1.6.6.1","v1.6.6.2","v1.6.6.3","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.7.0-rc2","v1.7.0.1","v1.7.0.2","v1.7.0.3","v1.7.0.4","v1.7.0.5","v1.7.0.6","v1.7.0.7","v1.7.0.8","v1.7.0.9","v1.7.1","v1.7.1-rc0","v1.7.1-rc1","v1.7.1-rc2","v1.7.1.1","v1.7.1.2","v1.7.1.3","v1.7.1.4","v1.7.10","v1.7.10-rc0","v1.7.10-rc1","v1.7.10-rc2","v1.7.10-rc3","v1.7.10-rc4","v1.7.10.1","v1.7.10.2","v1.7.10.3","v1.7.10.4","v1.7.10.5","v1.7.11","v1.7.11-rc0","v1.7.11-rc1","v1.7.11-rc2","v1.7.11-rc3","v1.7.11.1","v1.7.11.2","v1.7.11.3","v1.7.11.4","v1.7.11.5","v1.7.11.6","v1.7.11.7","v1.7.12","v1.7.12-rc0","v1.7.12-rc1","v1.7.12-rc2","v1.7.12-rc3","v1.7.12.1","v1.7.12.2","v1.7.12.3","v1.7.12.4","v1.7.2","v1.7.2-rc0","v1.7.2-rc1","v1.7.2-rc2","v1.7.2-rc3","v1.7.2.1","v1.7.2.2","v1.7.2.3","v1.7.2.4","v1.7.2.5","v1.7.3","v1.7.3-rc0","v1.7.3-rc1","v1.7.3-rc2","v1.7.3.1","v1.7.3.2","v1.7.3.3","v1.7.3.4","v1.7.3.5","v1.7.4","v1.7.4-rc0","v1.7.4-rc1","v1.7.4-rc2","v1.7.4-rc3","v1.7.4.1","v1.7.4.2","v1.7.4.3","v1.7.4.4","v1.7.4.5","v1.7.5","v1.7.5-rc0","v1.7.5-rc1","v1.7.5-rc2","v1.7.5-rc3","v1.7.5.1","v1.7.5.2","v1.7.5.3","v1.7.5.4","v1.7.6","v1.7.6-rc0","v1.7.6-rc1","v1.7.6-rc2","v1.7.6-rc3","v1.7.6.1","v1.7.6.2","v1.7.6.3","v1.7.6.4","v1.7.6.5","v1.7.6.6","v1.7.7","v1.7.7-rc0","v1.7.7-rc1","v1.7.7-rc2","v1.7.7-rc3","v1.7.7.1","v1.7.7.2","v1.7.7.3","v1.7.7.4","v1.7.7.5","v1.7.7.6","v1.7.7.7","v1.7.8","v1.7.8-rc0","v1.7.8-rc1","v1.7.8-rc2","v1.7.8-rc3","v1.7.8-rc4","v1.7.8.1","v1.7.8.2","v1.7.8.3","v1.7.8.4","v1.7.8.5","v1.7.8.6","v1.7.9","v1.7.9-rc0","v1.7.9-rc1","v1.7.9-rc2","v1.7.9.1","v1.7.9.2","v1.7.9.3","v1.7.9.4","v1.7.9.5","v1.7.9.6","v1.7.9.7","v1.8.0","v1.8.0-rc0","v1.8.0-rc1","v1.8.0-rc2","v1.8.0-rc3","v1.8.0.1","v1.8.0.2","v1.8.0.3","v1.8.1","v1.8.1-rc0","v1.8.1-rc1","v1.8.1-rc2","v1.8.1-rc3","v1.8.1.1","v1.8.1.2","v1.8.1.3","v1.8.1.4","v1.8.1.5","v1.8.1.6","v1.8.2","v1.8.2-rc0","v1.8.2-rc1","v1.8.2-rc2","v1.8.2-rc3","v1.8.2.1","v1.8.2.2","v1.8.2.3","v1.8.3","v1.8.3-rc0","v1.8.3-rc1","v1.8.3-rc2","v1.8.3-rc3","v1.8.3.1","v1.8.3.2","v1.8.3.3","v1.8.3.4","v1.8.4","v1.8.4-rc0","v1.8.4-rc1","v1.8.4-rc2","v1.8.4-rc3","v1.8.4-rc4","v1.8.4.1","v1.8.4.2","v1.8.4.3","v1.8.4.4","v1.8.4.5","v1.8.5","v1.8.5-rc0","v1.8.5-rc1","v1.8.5-rc2","v1.8.5-rc3","v1.8.5.1","v1.8.5.2","v1.8.5.3","v1.8.5.4","v1.8.5.5","v1.9-rc0","v1.9-rc1","v1.9-rc2","v1.9.0","v1.9.0-rc3","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v2.0.0","v2.0.0-rc0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1.0","v2.1.0-rc0","v2.1.0-rc1","v2.1.0-rc2","v2.1.1","v2.1.2","v2.1.3","v2.2.0-rc0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0718.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/phpmyadmin/phpmyadmin","events":[{"introduced":"082d0e5c8ea1de4d6014a4a57de02104f1c383f4"},{"fixed":"a8a93c3e5af85dd0329e1a71b8bed664c9ec4bc2"},{"introduced":"09896700e4c90916997da5d5d0579ea92a1f6d5a"},{"fixed":"c394f149f6b44524104dd8b02a6d567eb21f67e7"},{"introduced":"2238938455a452d7b08562a5fabb04c893efd648"},{"fixed":"1a5b3f9867354a3c563a2479b1cda6bc89282ea9"}]}],"versions":["RELEASE_3_4_0","RELEASE_3_4_1","RELEASE_3_4_1RC1","RELEASE_3_4_2","RELEASE_3_4_2RC1","RELEASE_3_4_3","RELEASE_3_4_3RC1","RELEASE_3_4_3_1","RELEASE_3_4_3_2","RELEASE_3_4_4","RELEASE_3_4_4RC1","RELEASE_3_4_5","RELEASE_3_4_5RC1","RELEASE_3_4_6","RELEASE_3_4_6RC1","RELEASE_3_4_7RC1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0718.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"ca079a3ea30098aff3197c559a0e32d42dda6d84"},{"introduced":"2e789a1f1d84b343a996e8654590703b5fbdd441"},{"fixed":"3f568389763c205f8779ad75f2cf44ab9782608e"},{"introduced":"3101b7076270756f8be699358c69c5d15ea2cc48"},{"fixed":"7dc38385ce78c5c04637531c4325a83b57fbeb3a"},{"introduced":"5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12"},{"fixed":"5fd33b5926eb8c9352bf5718369b4a8d72c4bb44"},{"introduced":"e054f452bd9118def58c18aa295662c9845e1c89"},{"fixed":"17bf6b4671ec02d80ad29b278639d5307baddeb5"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0718.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}