Description
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Published: 2016-05-26
Score: 9.8 Critical
EPSS: 2.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-483-1 expat security update
Debian DSA Debian DSA DSA-3582-1 expat security update
EUVD EUVD EUVD-2016-0749 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Ubuntu USN Ubuntu USN USN-2983-1 Expat vulnerability
Ubuntu USN Ubuntu USN USN-3013-1 XML-RPC for C and C++ vulnerabilities
Ubuntu USN Ubuntu USN USN-3044-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-5455-1 xmltok library vulnerabilities
Ubuntu USN Ubuntu USN USN-7199-1 xmltok library vulnerabilities
References
Link Providers
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html cve-icon cve-icon
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2016-2824.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2017/Feb/68 cve-icon cve-icon
http://support.eset.com/ca6333/ cve-icon cve-icon
http://www.debian.org/security/2016/dsa-3582 cve-icon cve-icon
http://www.mozilla.org/security/announce/2016/mfsa2016-68.html cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2016/05/17/12 cve-icon cve-icon
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html cve-icon cve-icon
http://www.securityfocus.com/bid/90729 cve-icon cve-icon
http://www.securitytracker.com/id/1036348 cve-icon cve-icon
http://www.securitytracker.com/id/1036415 cve-icon cve-icon
http://www.securitytracker.com/id/1037705 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2983-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-3044-1 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2018:2486 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=1236923 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=1296102 cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10365 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2016-0718 cve-icon
https://security.gentoo.org/glsa/201701-21 cve-icon cve-icon
https://source.android.com/security/bulletin/2016-11-01.html cve-icon cve-icon
https://support.apple.com/HT206903 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2016-0718 cve-icon
https://www.tenable.com/security/tns-2016-20 cve-icon cve-icon
History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01656}

 epss

{'score': 0.01504}

Subscriptions

Apple Mac Os X
Canonical Ubuntu Linux
Debian Debian Linux
Libexpat Project Libexpat
Mcafee Policy Auditor
Mozilla Firefox
Opensuse Leap Opensuse
Python Python
Redhat Enterprise Linux Jboss Core Services
Suse Linux Enterprise Debuginfo Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit Studio Onsite
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-05T22:30:03.995Z

Reserved: 2015-12-16T00:00:00.000Z

Link: CVE-2016-0718

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2016-05-26T16:59:00.133

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-0718

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-05-17T00:00:00Z

Links: CVE-2016-0718 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses