CVE-2016-4658: Improper Restriction of Operations within the Bounds of a Memory Buffer

September 25, 2016 (updated March 13, 2019)

xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

References

nvd.nist.gov/vuln/detail/CVE-2016-4658

Detect and mitigate CVE-2016-4658 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →