CVE-2017-7010

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
appleicloud
𝑥
≤ 6.2.1
appleitunes
𝑥
≤ 12.6.1
appleiphone_os
𝑥
≤ 10.3.2
applemac_os_x
𝑥
≤ 10.12.5
appletvos
𝑥
≤ 10.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxml2
artful
not-affected
zesty
not-affected
yakkety
ignored
xenial
not-affected
wily
ignored
trusty
not-affected
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99889
http://www.securitytracker.com/id/1038950
https://support.apple.com/HT207922
https://support.apple.com/HT207923
https://support.apple.com/HT207924
https://support.apple.com/HT207927
https://support.apple.com/HT207928
http://www.securityfocus.com/bid/99889
http://www.securitytracker.com/id/1038950
https://support.apple.com/HT207922
https://support.apple.com/HT207923
https://support.apple.com/HT207924
https://support.apple.com/HT207927
https://support.apple.com/HT207928