CVE-2016-4472

Source
https://cve.org/CVERecord?id=CVE-2016-4472
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4472.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-4472
Aliases
Downstream
Related
Published
2016-06-30T17:59:04Z
Modified
2026-04-09T04:42:35.033637Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

References

Affected packages

Git / github.com/libexpat/libexpat

Affected ranges

Type
GIT
Repo
https://github.com/libexpat/libexpat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/python/cpython
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.15"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.7"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.7"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.4"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.2"
        }
    ]
}

Affected versions

Other
REC1_0
R_1_95_0
R_1_95_2
R_1_95_3
R_1_95_4
R_1_95_5
R_1_95_6
R_1_95_7
R_1_95_8
R_2_0_0
R_2_0_1
R_2_1_0
R_2_1_1
V1990307
V19981122
V19981231
V19990109
V19990425
V19990626
V19990709
V19990728
V19991013
V1_0
V1_1
V20000512
beta2
beta3
beta4
jclark-orig
libexpat-alpha-1
sourceforge_init
start
v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.6
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.10rc1
v2.7.11rc1
v2.7.12rc1
v2.7.13rc1
v2.7.15rc1
v2.7.1rc1
v2.7.2rc1
v2.7.3rc1
v2.7.4rc1
v2.7.5
v2.7.6rc1
v2.7.8
v2.7.9rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.2
v3.3.3rc1
v3.3.5rc2
v3.3.6
v3.3.6rc1
v3.3.7rc1
v3.4.0
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.4.1
v3.4.1rc1
v3.4.2rc1
v3.4.3
v3.4.3rc1
v3.4.5
v3.4.5rc1
v3.4.6
v3.4.6rc1
v3.4.7rc1
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.5.0b3
v3.5.0b4
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1rc1
v3.5.2
v3.5.2rc1
v3.5.3
v3.5.3rc1
v3.5.4rc1
v3.6.0a3
v3.6.0b1
v3.6.0b3
v3.6.0b4
v3.6.0rc1
v3.6.2rc1
v3.6.2rc2

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "6.5.1"
            }
        ]
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4472.json"