There are multiple vulnerabilities in Libxml2 library used by IBM Streams. IBM Streams has addressed the applicable CVEs.
CVE-ID: CVE-2016-2073
Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the htmlParseNameComplex() function. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.300
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/110307> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVE-ID: CVE-2016-9318
Description: Libxml2 could allow a remote attacker to obtain sensitive information, caused by failure to offer a flag directly indicating the status of current document. By using a specially-crafted document to conduct a XML external entity (XXE) attack, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.500
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/119018 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
The following versions may be impacted:
NOTE: Fix Packs are available on IBM Fix Central.
To remediate/fix this issue, follow the instructions below:
None