CVE-2016-4448
Description
Format string vulnerability in libxml2 before 2.9.4 allows remote attackers to cause unspecified critical impact via crafted input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A format string vulnerability exists in libxml2 versions prior to 2.9.4 [1]. The flaw allows attackers to use format string specifiers via unspecified vectors, potentially leading to memory corruption. Affected versions include libxml2 2.9.1 as shipped in Red Hat Enterprise Linux 7 [1].
Exploitation
An attacker can trigger this vulnerability by providing crafted input containing format string specifiers. The exact attack vector is not disclosed, but it is likely exploitable remotely without authentication (CVSS 9.8, critical) [1]. No special permissions are required.
Impact
Successful exploitation may allow an attacker to read or write arbitrary memory, potentially leading to information disclosure, denial of service, or arbitrary code execution. The impact is considered critical due to the high CVSS score [1].
Mitigation
The vulnerability is fixed in libxml2 version 2.9.4. Red Hat provides updated packages (libxml2-2.9.1-6.el7_2.3) for Red Hat Enterprise Linux 7 [1]. Users should upgrade to the latest version of libxml2 or apply vendor patches.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords, 31 versions:
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Manager%202.1 (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Manager%20Proxy%202.1 (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2&distro=SUSE%20OpenStack%20Cloud%205 (no CPE), range: < 2.7.6-0.44.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Manager%202.1 (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Manager%20Proxy%202.1 (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/libxml2-python&distro=SUSE%20OpenStack%20Cloud%205 (no CPE), range: < 2.7.6-0.44.4
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 2.9.1-24.1
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 (no CPE), range: < 2.9.1-24.1
Patches
No patches discovered yet.
References
- rhn.redhat.com/errata/RHSA-2016-2957.html (nvd: Third Party Advisory)
- www.openwall.com/lists/oss-security/2016/05/25/2 (nvd: Mailing List, Third Party Advisory)
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (nvd: Vendor Advisory)
- www.securityfocus.com/bid/90856 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1036348 (nvd: Third Party Advisory, VDB Entry)
- www.slackware.com/security/viewer.php (nvd: Third Party Advisory)
- access.redhat.com/errata/RHSA-2016:1292 (nvd: Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory)
- git.gnome.org/browse/libxml2/commit/ (nvd: Vendor Advisory)
- git.gnome.org/browse/libxml2/commit/ (nvd: Vendor Advisory)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd: Third Party Advisory)
- kc.mcafee.com/corporate/index (nvd: Third Party Advisory)
- www.tenable.com/security/tns-2016-18 (nvd: Third Party Advisory)
- lists.apple.com/archives/security-announce/2016/Jul/msg00000.html (nvd: Mailing List, Release Notes)
- lists.apple.com/archives/security-announce/2016/Jul/msg00001.html (nvd: Mailing List, Release Notes)
- lists.apple.com/archives/security-announce/2016/Jul/msg00002.html (nvd: Mailing List, Release Notes)
- lists.apple.com/archives/security-announce/2016/Jul/msg00003.html (nvd: Mailing List, Release Notes)
- lists.apple.com/archives/security-announce/2016/Jul/msg00005.html (nvd: Mailing List, Release Notes)
- xmlsoft.org/news.html (nvd: Release Notes)
- support.apple.com/HT206899 (nvd: Release Notes)
- support.apple.com/HT206901 (nvd: Release Notes)
- support.apple.com/HT206902 (nvd: Release Notes)
- support.apple.com/HT206903 (nvd: Release Notes)
- support.apple.com/HT206904 (nvd: Release Notes)
- support.apple.com/HT206905 (nvd: Release Notes)