CVE-2016-4607

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-4607
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html Mailing List Vendor Advisory
http://www.securityfocus.com/bid/91834 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036348 Third Party Advisory VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
https://support.apple.com/HT206899 Vendor Advisory
https://support.apple.com/HT206901 Vendor Advisory
https://support.apple.com/HT206902 Vendor Advisory
https://support.apple.com/HT206903 Vendor Advisory
https://support.apple.com/HT206904 Vendor Advisory
https://support.apple.com/HT206905 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
History

No history.

Information

Published : 2016-07-22 02:59

Updated : 2023-11-07 02:32

NVD link : CVE-2016-4607

Mitre link : CVE-2016-4607

CVE.ORG link : CVE-2016-4607

JSON object : View

Products Affected

apple

  • tvos
  • icloud
  • itunes
  • mac_os_x
  • watchos
  • iphone_os

microsoft

  • windows

xmlsoft

  • libxslt

fedoraproject

  • fedora
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer