suse · CVE-2016-1839

Quick triage

Priority: medium Published: 2021-05-30 13:38:33 UTC Updated: 2026-04-18 18:01:26 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-1839 severity moderate: SUSE including 137 source package names (0.9.1:libxml2-2-2.9.4-36.1, 1.0.0:libxml2-2-2.9.4-36.1, …), 271 product×package rows across 96 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (96 product lines)): Fixed 271.

Description:

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

cvelogic Threat Intelligence