Vulnerability Description
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Xerces-C | before 3.1.3 |
| Samsung | X14J Firmware | t-ms14jakucb-1102.5 |
| Fedoraproject | Fedora | 22 |
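As an added check (not part of the advisory or of the Xerces-C project), the following POSIX shell script asks pkg-config for the installed Xerces-C version and compares it with the fixed release 3.1.3 named in the description. It assumes pkg-config and the library's xerces-c.pc file are installed, which is the usual case for distribution -dev/-devel packages; the `--check` flag and the function names are this example's own.

```sh
#!/bin/sh
# Added example: is the installed Xerces-C older than the 3.1.3 release that fixes CVE-2016-0729?
# Assumes pkg-config can see xerces-c.pc. Pre-release suffixes (e.g. "3.1.3-rc1") are not handled.

FIXED_VERSION="3.1.3"

# version_lt A B: return 0 (true) when dotted version A is numerically lower than B.
# Components are compared left to right; a missing component counts as 0 ("3.1" == "3.1.0").
version_lt() {
    a="$1"
    b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"
        bi="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        if [ "${ai:-0}" -lt "${bi:-0}" ]; then
            return 0
        fi
        if [ "${ai:-0}" -gt "${bi:-0}" ]; then
            return 1
        fi
    done
    return 1
}

# xerces_vulnerable VERSION: return 0 when VERSION predates the fixed release.
xerces_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_xerces_version: print the version pkg-config reports, or nothing if it is unknown.
installed_xerces_version() {
    pkg-config --modversion xerces-c 2>/dev/null
}

# main: exit 0 if not affected, 1 if affected, 2 if the library could not be located.
main() {
    ver=$(installed_xerces_version)
    if [ -z "$ver" ]; then
        echo "xerces-c not found via pkg-config; query your package manager instead"
        return 2
    fi
    if xerces_vulnerable "$ver"; then
        echo "Xerces-C $ver is affected by CVE-2016-0729 (fixed in $FIXED_VERSION)"
        return 1
    fi
    echo "Xerces-C $ver is not affected by CVE-2016-0729"
    return 0
}

# Run the check only when invoked as: sh xerces_check.sh --check
if [ "${1:-}" = "--check" ]; then
    main
fi
```

Two caveats when reading the result: distributions often backport the fix without bumping the upstream version (the Debian, Fedora and openSUSE advisories in the references are such updates), so a version below 3.1.3 from a distribution package may already be patched and the package changelog is the authority; and software that bundles its own copy of Xerces-C (the Oracle and Samsung entries above are examples of that pattern) is not visible to pkg-config at all.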
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00086.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html
- http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Ov
- http://svn.apache.org/viewvc?view=revision&revision=1727978
- http://www.debian.org/security/2016/dsa-3493 (Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h
- http://www.securityfocus.com/archive/1/537620/100/0/threaded
- http://www.securityfocus.com/bid/83423
- http://www.securitytracker.com/id/1035113
- http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt (Vendor Advisory)
FAQ
What is CVE-2016-0729?
CVE-2016-0729 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial...
How severe is CVE-2016-0729?
CVE-2016-0729 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-0729?
Yes. The vulnerability affects Apache Xerces-C before 3.1.3, so upgrading to 3.1.3 or later resolves it; the upstream fix is the SVN revision 1727978 linked in the references, and the vendor advisory is the CVE-2016-0729.txt entry on xerces.apache.org. Debian (DSA-3493), Fedora, openSUSE and Oracle published their own updates, which are also listed in the references above. Products recorded as affected in this entry: Samsung X14J Firmware, Fedoraproject Fedora.