Format String Vulnerability in libxml2 Affects Multiple Vendors
CVE-2016-4448

9.8CRITICAL

Key Information:

Vendor: HP
Status: Icewall Federation Agent
Vendor: CVE Published:; 9 June 2016

🔔 Create HP Vulnerability Alert

What is CVE-2016-4448?

A format string vulnerability in libxml2 prior to version 2.9.4 allows attackers to exploit format string specifiers in unverified contexts. This could potentially lead to unexpected behavior or exposure of sensitive data, highlighting the need for immediate updates to safeguard against such risks.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.slackware.com/security/viewer.php?l=slackware-...

vendor-advisoryx_refsource_SLACKWARE

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2016
Vulnerability Reserved
May 2, 2016

.