Critical severity 9.8 · NVD Advisory · Published Sep 25, 2016 · Updated Jun 17, 2026
CVE-2016-4658
Description
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nokogiri (RubyGems) | < 1.7.1 | 1.7.1 |
Affected products
30 affected products. From ghsa-coords, 25 versions (none has a CPE):

| Package URL | Affected range |
|---|---|
| pkg:gem/nokogiri | < 1.7.1 |
| pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweed | < 2.9.12-1.2 |
| pkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweed | < 1.13.9-1.7 |
| pkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweed | < 1.13.3-1.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 | < 2.7.6-0.50.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 | < 2.7.6-0.50.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 | < 2.7.6-0.50.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 | < 2.7.6-0.50.4 |
| pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 | < 2.7.6-0.50.4 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 | < 2.9.4-33.1 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 | < 2.9.1-26.3.1 |
| pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 | < 2.9.4-33.1 |
References
- git.gnome.org/browse/libxml2/commit/ (nvd: Patch, Third Party Advisory, WEB)
- lists.apple.com/archives/security-announce/2016/Sep/msg00006.html (nvd: Mailing List, Vendor Advisory, WEB)
- lists.apple.com/archives/security-announce/2016/Sep/msg00008.html (nvd: Mailing List, Vendor Advisory, WEB)
- lists.apple.com/archives/security-announce/2016/Sep/msg00010.html (nvd: Mailing List, Vendor Advisory, WEB)
- lists.apple.com/archives/security-announce/2016/Sep/msg00011.html (nvd: Mailing List, Vendor Advisory, WEB)
- www.securityfocus.com/bid/93054 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1036858 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1038623 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-fr52-4hqw-p27f (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-4658 (ghsa: ADVISORY)
- security.gentoo.org/glsa/201701-37 (nvd: Third Party Advisory, WEB)
- support.apple.com/HT207141 (nvd: Vendor Advisory, WEB)
- support.apple.com/HT207142 (nvd: Vendor Advisory, WEB)
- support.apple.com/HT207143 (nvd: Vendor Advisory, WEB)
- support.apple.com/HT207170 (nvd: Vendor Advisory, WEB)