CVE-2016-9063: Integer Overflow
An integer overflow during the parsing of XML using the Expat library.
Other sources
libexpat. Multiple issues were addressed by updating to version 2.2.1
Credit
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2017-13832
- CVE-2017-13829
- CVE-2017-13833
- CVE-2017-7083
- CVE-2017-0381
- CVE-2017-13825
- CVE-2017-13815
- CVE-2017-13828
- CVE-2017-13830
- CVE-2017-13814
- CVE-2017-13831
- CVE-2017-13817
- CVE-2017-13818
- CVE-2017-13836
- CVE-2017-13841
- CVE-2017-13840
- CVE-2017-13842
- CVE-2017-13782
- CVE-2017-13843
- CVE-2017-7114
- CVE-2017-13854
- CVE-2017-13834
- CVE-2017-13873
- CVE-2017-13813
- CVE-2017-13816
- CVE-2017-13812
- CVE-2017-7086
- CVE-2017-1000373
- CVE-2016-9063
- CVE-2017-9233
- CVE-2017-9049
- CVE-2017-5130
- CVE-2017-7376
- CVE-2017-9050
- CVE-2017-13822
- CVE-2017-7080
- CVE-2017-10989
- CVE-2017-7128
- CVE-2017-7129
- CVE-2017-7130
- CVE-2017-7127
- CVE-2017-7081
- CVE-2017-7087
- CVE-2017-7091
- CVE-2017-7092
- CVE-2017-7093
- CVE-2017-7094
- CVE-2017-7095
- CVE-2017-7096
- CVE-2017-7098
- CVE-2017-7099
- CVE-2017-7100
- CVE-2017-7102
- CVE-2017-7104
- CVE-2017-7107
- CVE-2017-7111
- CVE-2017-7117
- CVE-2017-7120
- CVE-2017-7090
- CVE-2017-7109
- CVE-2017-11120
- CVE-2017-11121
- CVE-2017-7103
- CVE-2017-7105
- CVE-2017-7108
- CVE-2017-7110
- CVE-2017-7112
- CVE-2017-7115
- CVE-2017-7116
- CVE-2017-11122
- CVE-2016-9840
- CVE-2016-9841
- CVE-2016-9842
- CVE-2016-9843
- CVE-2016-0736
- CVE-2016-2161
- CVE-2016-5387
- CVE-2016-8740
- CVE-2016-8743
- CVE-2017-13909
- CVE-2017-13809
- CVE-2017-7084
- CVE-2017-7074
- CVE-2017-13820
- CVE-2017-13807
- CVE-2017-7143
- CVE-2017-13821
- CVE-2017-13890
- CVE-2017-13851
- CVE-2017-7138
- CVE-2017-7121
- CVE-2017-7122
- CVE-2017-7123
- CVE-2017-7124
- CVE-2017-7125
- CVE-2017-7126
- CVE-2017-13811
- CVE-2017-13835
- CVE-2017-11103
- CVE-2017-13819
- CVE-2017-13837
- CVE-2017-13906
- CVE-2017-7077
- CVE-2017-7119
- CVE-2017-13810
- CVE-2017-13827
- CVE-2016-4736
- CVE-2018-4302
- CVE-2017-7141
- CVE-2017-7078
- CVE-2017-6451
- CVE-2017-6452
- CVE-2017-6455
- CVE-2017-6458
- CVE-2017-6459
- CVE-2017-6460
- CVE-2017-6462
- CVE-2017-6463
- CVE-2017-6464
- CVE-2016-9042
- CVE-2017-13824
- CVE-2017-13846
- CVE-2017-10140
- CVE-2017-7132
- CVE-2017-13823
- CVE-2017-13808
- CVE-2017-13838
- CVE-2017-7082
- CVE-2017-13908
- CVE-2017-13839
- CVE-2017-13910
- CVE-2016-5296
- CVE-2016-5292
- CVE-2016-5293
- CVE-2016-5294
- CVE-2016-5297
- CVE-2016-9064
- CVE-2016-9065
- CVE-2016-9066
- CVE-2016-9067
- CVE-2016-9068
- CVE-2016-9072
- CVE-2016-9075
- CVE-2016-9077
- CVE-2016-5291
- CVE-2016-5295
- CVE-2016-5298
- CVE-2016-5299
- CVE-2016-9061
- CVE-2016-9062
- CVE-2016-9070
- CVE-2016-9073
- CVE-2016-9074
- CVE-2016-9076
- CVE-2016-9071
- CVE-2016-5289
- CVE-2016-5290
- CVE-2017-13863
- CVE-2017-7131
- CVE-2017-7088
- CVE-2017-7072
- CVE-2017-7140
- CVE-2017-7148
- CVE-2017-7097
- CVE-2017-7118
- CVE-2017-7133
- CVE-2017-7075
- CVE-2017-7139
- CVE-2017-13806
- CVE-2017-7085
- CVE-2017-13877
- CVE-2017-7146
- CVE-2017-6211
- CVE-2017-7145
- CVE-2017-7089
- CVE-2017-7106
- CVE-2017-7144
- CVE-2017-7142
Frequently Asked Questions
What is CVE-2016-9063?
CVE-2016-9063 is a vulnerability that involves an integer overflow during the parsing of XML using the Expat library.
Which software is affected by CVE-2016-9063?
Firefox versions prior to 50, Mozilla Firefox, Debian Linux 8.0, Debian Linux 9.0, Debian Linux 10.0, Python 2.7.0 to 2.7.15, Python 3.3.0 to 3.3.7, Python 3.4.0 to 3.4.7, Python 3.5.0 to 3.5.4, Python 3.6.0 to 3.6.2, macOS High Sierra (up to version 10.13), iOS (up to version 11), tvOS (up to version 11), and watchOS (up to version 4) are affected by this vulnerability.
What is the severity of CVE-2016-9063?
CVE-2016-9063 has a severity keyword of 'critical' and a severity value of 9.8.
How do I fix CVE-2016-9063 in Firefox?
To fix CVE-2016-9063 in Firefox, update to version 50 or later.
How do I fix CVE-2016-9063 in the Expat library?
To fix CVE-2016-9063 in the Expat library, update to version 2.2.1 or later.