CVE-2016-4472
PUBLISHED
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
EPSS 2.27% · 85.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | cableswig | 0, 0.1.0+git20150808-2, 0.1.0+git20150808-1 |
| Ubuntu:Pro:20.04:LTS | libxmltok | 1.2-4ubuntu0.20.04.1~esm1, 1.2-4ubuntu0.20.04.1~esm3, * |
| Ubuntu:16.04:LTS | swish-e | 2.4.7-4build1, 2.4.7-4, 0 |
| Ubuntu:Pro:24.04:LTS | libxmltok | 1.2-4.1ubuntu2.24.0.4.1+esm1, 1.2-4.1ubuntu2, 1.2-4.1ubuntu1 |
| Ubuntu:18.04:LTS | xmlrpc-c | 1.33.14-8build1, 0, 1.33.14-8 |
| Ubuntu:20.04:LTS | matanza | 0.13+ds1-6, 0, 0.13+ds2-1 |
| Ubuntu:25.10 | swish-e | 2.4.7-6.3build1, 0, 2.4.7-6.3 |
| Ubuntu:Pro:18.04:LTS | libxmltok | *, *, 1.2-4ubuntu0.18.04.1~esm3 |
| Ubuntu:25.10 | matanza | 0, 0.13+ds2-2 |
| Ubuntu:22.04:LTS | swish-e | 2.4.7-6.1, 0, 2.4.7-6build3 |
| Ubuntu:22.04:LTS | cadaver | 0, 0.23.3-2.1build1 |
| Ubuntu:25.10 | sitecopy | 1:0.16.6-16build1, *, 0 |
| Ubuntu:20.04:LTS | swish-e | 2.4.7-6build2, 0, 2.4.7-6build1 |
| Ubuntu:Pro:16.04:LTS | vnc4 | 4.1.1+xorg4.3.0-37.3ubuntu2, 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1, 0 |
| Ubuntu:16.04:LTS | insighttoolkit | 0, 3.20.1+git20120521-6build1, 3.20.1+git20120521-6 |
| Ubuntu:25.10 | coin3 | 4.0.3+ds-2, 0 |
| Ubuntu:Pro:14.04:LTS | coin3 | 3.1.4~abc9f50-4ubuntu2+esm1, 0, 3.1.4~abc9f50-4 |
| Ubuntu:24.04:LTS | swish-e | 0, 2.4.7-6.2build3, 2.4.7-6.2 |
| Ubuntu:22.04:LTS | xmlrpc-c | 1.33.14-9, 0, 1.33.14-10 |
| Ubuntu:25.10 | xmlrpc-c | 1.59.03-10, 1.59.03-10.1, 0 |
…and 25 more
Timeline
- May 18, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 2, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-4472 third-party-advisory
- https://ubuntu.com/security/notices/USN-3013-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5455-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-4472 third-party-advisory
- https://ubuntu.com/security/notices/USN-7199-1 vendor-advisory