CVE-2016-0729
PUBLISHED
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
Risk Scores
EPSS Score: 23.02% (96.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | xerces-c | 0, 3.1.1-3, 3.1.1-3ubuntu1 |
Exploit Intelligence
- FEDORA-2016-880b91c090 (circl)
- http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html (circl)
- 1035113 (circl)
- 83423 (circl)
- http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt (circl)
- http://svn.apache.org/viewvc?view=revision&revision=1727978 (circl)
- FEDORA-2016-ae9ac16cf3 (circl)
- openSUSE-SU-2016:1121 (circl)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html (circl)
- 20160225 CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input (circl)
…and 8 more exploits
Timeline
- Apr 7, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- May 31, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-0729 third-party-advisory
- https://marc.info/?l=oss-security&m=145641008814590&w=2 third-party-advisory
- http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt third-party-advisory
- http://svn.apache.org/viewvc?view=revision&revision=1727978 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-0729 third-party-advisory