libxml2: Denial of service

ID ASA-201410-12
Type archlinux
Reporter Arch Linux
Modified 2014-10-24T00:00:00


Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and memory resources or file descriptors.
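Because the substitution happens inside the doctype prolog regardless of the parser options the application sets, one application-side control is to refuse any input that declares a DOCTYPE before it reaches libxml2, assuming the application has no need for DTDs. The following is an added example, not part of the advisory or of libxml2: the function name `admit_xml` and the sample documents are constructed for illustration, and Python's standard-library expat bindings are used only to read the prolog.

```python
import xml.parsers.expat as expat

# Constructed sample inputs (not taken from the advisory).
PLAIN = b"<root><item>ok</item></root>"
WITH_DOCTYPE = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'
# The string "<!DOCTYPE" inside a comment is not a declaration; a substring
# search would reject this document, a real prolog parse does not.
COMMENT_ONLY = b"<!-- <!DOCTYPE r [ not a declaration ] --><r/>"


class _Stop(Exception):
    """Internal signal used to abandon the parse early."""


def admit_xml(data: bytes) -> bool:
    """Return True only if the prolog is well-formed and has no DOCTYPE."""
    parser = expat.ParserCreate()
    saw_doctype = False

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any internal subset is read, so no <!ENTITY ...>
        # declaration has been processed when the parse is abandoned.
        nonlocal saw_doctype
        saw_doctype = True
        raise _Stop

    def on_start_element(name, attrs):
        # A DOCTYPE can only precede the root element: stop scanning here.
        raise _Stop

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start_element
    try:
        parser.Parse(data, True)
    except _Stop:
        return not saw_doctype
    except expat.ExpatError:
        return False  # malformed prolog or empty input: reject
    return False  # parse ended without reaching a root element


if __name__ == "__main__":
    for doc in (PLAIN, WITH_DOCTYPE, COMMENT_ONLY):
        print(admit_xml(doc), doc[:40])
```

Only documents for which `admit_xml` returns True are handed on to the libxml2-based parser; everything else is dropped before any entity declaration is evaluated.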