vulnerability

Ubuntu: USN-2994-1 (CVE-2016-4449): libxml2 vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:P)

Published

Jun 6, 2016

Added

Jun 6, 2016

Modified

Mar 27, 2026

Description

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Solution

ubuntu-upgrade-libxml2

References

CVE-2016-4449
https://attackerkb.com/topics/CVE-2016-4449
CWE-20
DEBIAN-DLA-503-1
DEBIAN-DSA-3593
EUVD-EUVD-2016-5438
NVD-CVE-2016-4449
UBUNTU-USN-2994-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-5438

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report