CVE-2016-4447

7.5HIGH

Key Information:

Vendor: HP
Status: Icewall Federation Agent
Vendor: CVE Published:; 9 June 2016

Summary

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.slackware.com/security/viewer.php?l=slackware-...

vendor-advisoryx_refsource_SLACKWARE

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2016
Vulnerability Reserved
May 2, 2016