A heap-buffer overread vulnerability was found in libxml2. A specially crafted file can cause the application to crash. External bugzilla report with reproducer: https://bugzilla.gnome.org/show_bug.cgi?id=749115 CVE assignment: http://seclists.org/oss-sec/2016/q1/277
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1304638]
Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1304639] Affects: epel-7 [bug 1304640]
I believe that this is actually a duplicate of CVE-2016-2073
Actually marking this duplicate of CVE-2016-1839, to follow upstream. *** This bug has been marked as a duplicate of bug 1338703 ***
Statement: This flaw was found to be a duplicate of CVE-2016-1839. Please see https://access.redhat.com/security/cve/CVE-2016-1839 for information about affected products and security errata.