CVE-2016-4472 PUBLISHED

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

EPSS 2.27% · 84.5th percentile


Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | cableswig | 0.1.0+git20150808-2, 0.1.0+git20150808-1, 0 |
| Ubuntu:Pro:20.04:LTS | libxmltok | 1.2-4ubuntu0.20.04.1~esm1, 1.2-4ubuntu0.20.04.1~esm3, 1.2-4ubuntu0.20.04.1~esm2 |
| Ubuntu:16.04:LTS | swish-e | 2.4.7-4build1, 0, 2.4.7-4 |
| Ubuntu:Pro:24.04:LTS | libxmltok | 1.2-4.1ubuntu2.24.0.4.1+esm1, 0, 1.2-4ubuntu1 |
| Ubuntu:18.04:LTS | xmlrpc-c | 0, 1.33.14-8, 1.33.14-8build1 |
| Ubuntu:20.04:LTS | matanza | 0, 0.13+ds2-1, 0.13+ds1-6 |
| Ubuntu:25.10 | swish-e | 2.4.7-7, 2.4.7-6.3build1, 2.4.7-6.3 |
| Ubuntu:Pro:18.04:LTS | libxmltok | 1.2-4ubuntu0.18.04.1~esm1, 1.2-4ubuntu0.18.04.1~esm2, 1.2-4ubuntu0.18.04.1~esm3 |
| Ubuntu:25.10 | matanza | 0, 0.13+ds2-2 |
| Ubuntu:22.04:LTS | swish-e | 2.4.7-6.1, 2.4.7-6.1build1, 2.4.7-6build3 |
| Ubuntu:22.04:LTS | cadaver | 0.23.3-2.1build1, 0 |
| Ubuntu:25.10 | sitecopy | 1:0.16.6-16, 1:0.16.6-16build1, 0 |
| Ubuntu:20.04:LTS | swish-e | 2.4.7-6build1, 2.4.7-6build2, 0 |
| Ubuntu:Pro:16.04:LTS | vnc4 | 0, 4.1.1+xorg4.3.0-37.3ubuntu2, 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1 |
| Ubuntu:16.04:LTS | insighttoolkit | 0, 3.20.1+git20120521-6, 3.20.1+git20120521-6build1 |
| Ubuntu:25.10 | coin3 | 4.0.3+ds-2, 0 |
| Ubuntu:Pro:14.04:LTS | coin3 | 3.1.4~abc9f50-3, 0, 3.1.4~abc9f50-4 |
| Ubuntu:24.04:LTS | swish-e | 2.4.7-6.2build3, 2.4.7-6.2, 0 |
| Ubuntu:22.04:LTS | xmlrpc-c | 0, 1.33.14-9, 1.33.14-10 |
| Ubuntu:25.10 | xmlrpc-c | 1.59.03-10, 1.59.03-9, 1.59.03-10.1 |

…and 25 more
