A heap-buffer overread vulnerability was found in libxml2. A specially crafted file can cause the application to crash.
External bugzilla report with reproducer:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1304638]
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1304639]
Affects: epel-7 [bug 1304640]
I believe that this is actually a duplicate of CVE-2016-2073.
Actually marking this duplicate of CVE-2016-1839, to follow upstream.
*** This bug has been marked as a duplicate of bug 1338703 ***
This flaw was found to be a duplicate of CVE-2016-1839. Please see https://access.redhat.com/security/cve/CVE-2016-1839 for information about affected products and security errata.