CVE-2016-5300 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-5300 PUBLISHED

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

EPSS 2.20% · 84.3th percentile

Risk Scores

EPSS Score

2.20%

84.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:14.04:LTS	vnc4	0, 4.1.1+xorg4.3.0-37ubuntu5, 4.1.1+xorg4.3.0-37ubuntu5.0.1
Ubuntu:20.04:LTS	xmlrpc-c	1.33.14-8build1, 0, 1.33.14-8build2
Ubuntu:16.04:LTS	expat	2.1.0-7, 2.1.0-7ubuntu0.16.04.1, 0
Ubuntu:18.04:LTS	xmlrpc-c	0, 1.33.14-8build1, 1.33.14-8
Ubuntu:25.10	sitecopy	1:0.16.6-16, 1:0.16.6-16build1, 0
Ubuntu:18.04:LTS	vnc4	0, 4.1.1+xorg4.3.0-37.3ubuntu2
Ubuntu:14.04:LTS	xmlrpc-c	1.33.06-0ubuntu1, 0, 1.16.33-3.2ubuntu3
Ubuntu:Pro:16.04:LTS	vnc4	0, 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1, 4.1.1+xorg4.3.0-37.3ubuntu2
Ubuntu:14.04:LTS	expat	0, 2.1.0-4ubuntu1.1, 2.1.0-4ubuntu1.2
Ubuntu:24.04:LTS	xmlrpc-c	1.33.14-11.1, 1.33.14-12build2, 1.33.14-12build1
Ubuntu:25.10	xmlrpc-c	1.59.03-10.1, 0, 1.59.03-7
Ubuntu:22.04:LTS	xmlrpc-c	1.33.14-10, 1.33.14-9, 0
Ubuntu:16.04:LTS	xmlrpc-c	1.33.14-0.2ubuntu3, 1.33.14-1ubuntu1, 0

Timeline

Jun 6, 2016 CVE Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 9, 2025 EPSS Score
Apr 10, 2025 EPSS Score
Apr 14, 2025 EPSS Score
Apr 15, 2025 EPSS Score
Apr 18, 2025 EPSS Score
Apr 19, 2025 EPSS Score
May 5, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2016-5300 third-party-advisory
http://seclists.org/oss-sec/2016/q2/468 third-party-advisory
https://ubuntu.com/security/notices/USN-3013-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3010-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-5300 third-party-advisory

Open in Interactive Console →