CVE-2016-4448: Critical severity hp icewall federation agent vulnerability

Published May 23, 2016
·
Updated

A vulnerability was found in the libxml2 library. There exist a possible format string vulnerability.

https://bugzilla.gnome.org/showbug.cgi?id=761029

Upstream fixes:

https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

Other sources

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

MITRE

Affected Software

42 affected components
HP IceWall Federation Agent=3.0
redhat Enterprise Linux=6.0
redhat Enterprise Linux=7.0
Apple WatchOS<=2.2.1
Apple iOS and macOS<10.11.6
Xmlsoft Libxml2<=2.9.3
Apple iCloud<5.2.1
Microsoft Windows
Apple iPhone OS<=9.3.2
redhat Enterprise Linux Desktop=6.0
redhat Enterprise Linux Desktop=7.0
redhat Enterprise Linux Server=6.0
redhat Enterprise Linux Server=7.0
redhat Enterprise Linux Server Aus=7.2
redhat Enterprise Linux Server Aus=7.3
redhat Enterprise Linux Server Aus=7.4
redhat Enterprise Linux Server Aus=7.6
redhat Enterprise Linux Server Aus=7.7
redhat Enterprise Linux Server Eus=7.2
redhat Enterprise Linux Server Eus=7.3
redhat Enterprise Linux Server Eus=7.4
redhat Enterprise Linux Server Eus=7.5
redhat Enterprise Linux Server Eus=7.6
redhat Enterprise Linux Server Eus=7.7
redhat Enterprise Linux Server Tus=7.2
redhat Enterprise Linux Server Tus=7.3
redhat Enterprise Linux Server Tus=7.6
redhat Enterprise Linux Server Tus=7.7
redhat Enterprise Linux Workstation=6.0
redhat Enterprise Linux Workstation=7.0
Apple iTunes<=12.4.1
Microsoft Windows
Slackware Slackware Linux=14.0
Slackware Slackware Linux=14.1
Oracle VM Server=3.3
Oracle VM Server=3.4
Apple tvOS<=9.2.1
Tenable Log Correlation Engine=4.8.0
McAfee Web Gateway<=7.5.2.10
McAfee Web Gateway>=7.6.0.0<=7.6.2.3
Oracle Linux=6
Oracle Linux=7-0

Event History

May 23, 2016
Data Sourced
via Red Hat·09:44 AM
DescriptionSeverityAffected Software
Jun 9, 2016
CVE Published
via MITRE·04:00 PM
Data Sourced
via MITRE·04:00 PM
Description
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2016-4448?

CVE-2016-4448 has not been assigned a specific CVSS score but is categorized as a format string vulnerability in libxml2.

2

How do I fix CVE-2016-4448?

To fix CVE-2016-4448, update libxml2 to version 2.9.4 or later.

3

Which software is affected by CVE-2016-4448?

CVE-2016-4448 affects versions of libxml2 prior to 2.9.4, and certain software relying on older versions of this library.

4

What kind of attacks can CVE-2016-4448 enable?

CVE-2016-4448 allows attackers to potentially execute arbitrary code via crafted input that exploits the format string vulnerability.

5

Is my system vulnerable to CVE-2016-4448?

To determine if your system is vulnerable to CVE-2016-4448, check if you are using libxml2 version 2.9.3 or earlier.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203