CVE-2016-3709

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-3709

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3709.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-3709

Downstream

ALPINE-CVE-2016-3709

DEBIAN-CVE-2016-3709

DLA-3878-1

OESA-2022-1828

OESA-2022-1829

RHSA-2022:7715

RHSA-2023:4767

SUSE-SU-2022:3717-1

SUSE-SU-2022:3871-1

SUSE-SU-2023:3665-1

UBUNTU-CVE-2016-3709

USN-5548-1

Related

Published

2022-07-28T17:15:07Z

Modified

2025-10-15T08:09:25.932968Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

References

https://mail.gnome.org/archives/xml/2018-January/msg00010.html

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type: GIT
Repo: https://github.com/gnome/libxml2
Events: Introduced

726f67e2f140f8d936dfe993bf9ded3180d750d2

Fixed

e1bcffea180d6cc0651757bb64284a763e0e2239

Affected versions

Other

CVE-2015-1819

CVE-2015-5312

CVE-2015-7497

CVE-2015-7498

CVE-2015-7499-1

CVE-2015-7499-2

CVE-2015-7500

CVE-2015-7941_1

CVE-2015-7941_2

CVE-2015-7942

CVE-2015-7942-2

CVE-2015-8035

CVE-2015-8242

CVE-2015-8317

CVE-2016-1762

CVE-2016-1833

CVE-2016-1834

CVE-2016-1835

CVE-2016-1836

CVE-2016-1837

CVE-2016-1838

CVE-2016-1839

CVE-2016-1840

CVE-2016-3627

CVE-2016-3705

CVE-2016-4449

CVE-2016-4483

CVE-2021-3541

v2.*

v2.9.10

v2.9.10-rc1

v2.9.2

v2.9.3

v2.9.4

v2.9.4-rc1

v2.9.4-rc2

v2.9.5

v2.9.5-rc1

v2.9.5-rc2

v2.9.6

v2.9.6-rc1

v2.9.7

v2.9.7-rc1

v2.9.8

v2.9.8-rc1

v2.9.9

v2.9.9-rc1

v2.9.9-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/gnome/libxml2/commit/e1bcffea180d6cc0651757bb64284a763e0e2239",
        "id": "CVE-2016-3709-1aa97e63",
        "digest": {
            "line_hashes": [
                "61551077790304056876126381115245055965",
                "278846916215258117913027984776762678417",
                "335982757857177150834168525661853921922",
                "87840030754328165737181167332541198940",
                "61551077790304056876126381115245055965",
                "278846916215258117913027984776762678417",
                "105711474186756975709469310745455797308",
                "103706706750952072917010335478765316004",
                "227047217400973127911964602216150042388",
                "253258039250536385915162828640596572926",
                "335982757857177150834168525661853921922",
                "87840030754328165737181167332541198940",
                "227047217400973127911964602216150042388",
                "253258039250536385915162828640596572926",
                "105711474186756975709469310745455797308",
                "263486003320329746243870951465374401173",
                "112950646771093583388072220651695062566",
                "231864520689178078662381811343978537663",
                "213333773092754020127207462965134162165",
                "19008729915787537273927561381864711242",
                "112950646771093583388072220651695062566",
                "231864520689178078662381811343978537663",
                "213333773092754020127207462965134162165",
                "19008729915787537273927561381864711242",
                "273240550832595461615251408636344817319",
                "162912241845094166163791832543701405088",
                "671650474723048413359612334217206008",
                "22766956053755843453510076977580137201",
                "13167474649499926961065524423099785312",
                "83470413458974766405520199037916535562",
                "276402490468899750538561900822383734744",
                "333682037389609673181412300351361172030",
                "9499193487410093391036358074880903632",
                "30805303948970631633603096678317204355",
                "93889085830397632709481663916004609330",
                "229956981014592868447519071218013779439",
                "240624245583924818381392266620352655927",
                "223174899253645334504338538819361168413",
                "294476493037697202535040764027097131119",
                "129304591418198192271541858825325701656",
                "140204848231080657012011575632498051783",
                "75311632195512841680531928924350830586",
                "256053888072821081238103619703165798762",
                "235378452580802392739918607691411522119",
                "244992818881073020881304797438692585130",
                "66651940352215863530508914348900210359",
                "48019944339009281467628355593178272818",
                "106918772490863171659640772695582053951",
                "116925370429586760959130651896312835976",
                "148133004854708868535797103792350393744",
                "102183146399774788380381559441867815797",
                "308117370035021215489377534456228663968",
                "187339639605561687559806077174150854909",
                "130836858511549172127312257489846408951",
                "52797561731550596294797782502825671297",
                "313419538420946173683294680071732735569",
                "246138447249870484217065672110268629284"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "testapi.c"
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/gnome/libxml2/commit/e1bcffea180d6cc0651757bb64284a763e0e2239",
        "id": "CVE-2016-3709-4ad7707d",
        "digest": {
            "length": 1155.0,
            "function_hash": "198329610838053062539893085088781189951"
        },
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "test_xmlIO",
            "file": "testapi.c"
        },
        "signature_type": "Function"
    }
]