CVE-2016-2073

Publication date 12 February 2016

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libxml2	17.04 zesty	Not affected
	16.10 yakkety	Not affected
	16.04 LTS xenial	Fixed 2.9.3+dfsg1-1ubuntu0.1
	15.10 wily	Fixed 2.9.2+zdfsg1-4ubuntu0.4
	14.04 LTS trusty	Fixed 2.9.1+dfsg1-3ubuntu4.8
	12.04 LTS precise	Fixed 2.7.8.dfsg-5.1ubuntu4.15

Notes

mdeslaur

this is a dupe of CVE-2016-1839

Severity score breakdown

Parameter	Value
Base score	6.5 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-2994-1
libxml2 vulnerabilities
6 June 2016