libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck() and xmlParseAttValueComplex() functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE(s): CVE-2016-3705
Affected product(s) and affected version(s):
IBM Security Guardium V 10.0, 10.0.1, 10.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2dvjr0Q
X-Force Database: http://ift.tt/1syye00
from IBM Product Security Incident Response Team http://ift.tt/2dvjUjD
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.