A vulnerability was found in libxml2. Parsing a maliciously crafted XML file could cause the application to crash if recover mode is used.
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1332823]
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1332824]
Affects: epel-7 [bug 1332825]
This issue has been addressed in the following products:
Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html
CVE-2016-4483 is NOT a duplicate of CVE-2016-3627!
This issue has NOT been fixed for at least RHEL6 (CVE-2016-3627 has been).
This issue was fixed upstream with commit c97750d11bb8b6f3303e7131fe526a61ac65bcfd
Created attachment 1265117
Fix for CVE-2016-4483, upstream commit c97750d11bb8b6f3303e7131fe526a61ac65bcfd
Upstream commit that fixes CVE-2016-4483.
CVE-2016-4483 has also NOT been fixed for RHEL7. Patch applies cleanly.
(In reply to Leonard den Ottolander from comment #9)
> CVE-2016-4483 is NOT a duplicate of CVE-2016-3627!
> This issue has NOT been fixed for at least RHEL6 (CVE-2016-3627 has been).
> This issue was fixed upstream with commit
Thanks for the update:
CVE-2016-3627 was fixed via:
CVE-2016-4483 was fixed via:
When a specially-crafted XML file is parsed via an application compiled against libxml2, this can cause the application to crash. (No code execution)