mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 07:12:47 +00:00
941 B
941 B
CVE-2016-4658
Description
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
POC
Reference
No PoCs from references.