The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Libxml2 | Xmlsoft | * | 2.9.4 (excluding) |
Text-Only JBCS | RedHat | * | |
Libxml2 | Ubuntu | esm-infra-legacy/trusty | * |
Libxml2 | Ubuntu | esm-infra/xenial | * |
Libxml2 | Ubuntu | precise | * |
Libxml2 | Ubuntu | trusty | * |
Libxml2 | Ubuntu | trusty/esm | * |
Libxml2 | Ubuntu | upstream | * |
Libxml2 | Ubuntu | vivid/stable-phone-overlay | * |
Libxml2 | Ubuntu | wily | * |
Libxml2 | Ubuntu | xenial | * |