{"id":"MGASA-2016-0263","summary":"Updated libxml2 packages fix security vulnerability","details":"A heap-based buffer overflow flaw was found in the way libxml2 parsed\ncertain crafted XML input. A remote attacker could provide a specially\ncrafted XML file that, when opened in an application linked against\nlibxml2, would cause the application to crash or execute arbitrary code\nwith the permissions of the user running the application (CVE-2016-1834,\nCVE-2016-1840).\n\nMultiple denial of service flaws were found in libxml2. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, could cause that application to crash\n(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836,\nCVE-2016-1837, CVE-2016-1838, CVE-2016-1839,  CVE-2015-8806,\nCVE-2016-2073, CVE-2016-4483, CVE-2016-4447, CVE-2016-4448,\nCVE-2016-4449).\n\nThe libxml2 package has been updated to version 2.9.4, fixing these issues\nand other bugs.\n","modified":"2026-04-16T01:45:25.206940588Z","published":"2016-07-26T21:59:16Z","upstream":["CVE-2015-8806","CVE-2016-1762","CVE-2016-1833","CVE-2016-1834","CVE-2016-1835","CVE-2016-1836","CVE-2016-1837","CVE-2016-1838","CVE-2016-1839","CVE-2016-1840","CVE-2016-2073","CVE-2016-4447","CVE-2016-4448","CVE-2016-4449","CVE-2016-4483"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0263.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18486"},{"type":"WEB","url":"http://www.xmlsoft.org/news.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2016-1292.html"},{"type":"WEB","url":"http://lwn.net/Vulnerabilities/688826/"}],"affected":[{"package":{"name":"libxml2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxml2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0263.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}